02-12-2011, 01:56 AM   #1
goolen4you
Active Directory - Wish to learn and find out what's going on
Many companies now seem to be using Microsoft Active Directory; in many job applications they are looking for not just people with networking experience but usually something along the lines of Active Directory.

I'd like to learn about it, gain some experience and see if it is worth pursuing and adding to my "knowledge".

Where is a good place to start as far as tutorials or decent reads for someone with decent networking experience but never really used Active Directory?


02-12-2011, 02:28 AM   #2
JMLot
I learnt by installing a trial of Windows Server on a spare PC and googling some guides. There are a lot of wizards in the most recent versions of Windows Server.


03-11-2011, 08:47 AM   #3
xsVfF9Em
http://www.petri.co.il/ad.htm

Lots of good info on that site!

If you have any experience with VMs, that's the best/easiest way to mess around with AD without having to worry about hardware. I use VirtualBox (free) and VMware Workstation (paid, but trial available).

You should easily be able to run a 2008/2011 server and 1-2 client OSes (XP, Vista, Win7) on 8GB RAM.


03-11-2011, 09:35 PM   #4
invasuant
Personally, I think there is way too much to know about AD from just reading. You need to actually perform the tasks to really learn them. So it's good to have a playground to work with (as suggested, VMs are great for this purpose).

It's also kinda funny. I was just researching some AD / GPO stuff this morning. One of my clients asked me to set up a rule to automatically log off all the users from a terminal server at a designated time. Turns out to be incredibly easy once you know which settings need to be changed. Just turn on "Force logoff when logon hours expire" in GPO, and then set the logon hours for the users in AD.

I've never needed to use that function before so I had to learn it. It's a good example that quite a number of things you do in AD you'll essentially learn on the fly.
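The logon hours mentioned in the post above are stored on each user object in the 21-byte logonHours attribute, one bit per hour of the week starting Sunday 00:00 UTC, least significant bit first. The following is an added example, not part of the original thread: the function names, the sample schedule and the fixed UTC+1 offset (no daylight saving handling) are assumptions.

```python
DAYS = ["Sun", "Mon", "Tue", "Wed", "Thu", "Fri", "Sat"]

# Constructed schedule: weekdays 08:00-18:00 local time, for a site at UTC+1.
WEEKDAYS_8_TO_18 = {day: range(8, 18) for day in DAYS[1:6]}


def encode_logon_hours(allowed_local, utc_offset_hours):
    """Build the 21-byte logonHours value from {day: iterable of local hours}."""
    value = bytearray(21)
    for day, hours in allowed_local.items():
        for hour in hours:
            # AD stores the week in UTC, so shift local time back by the offset;
            # the modulo wraps early Sunday hours round to late Saturday.
            slot = (DAYS.index(day) * 24 + hour - utc_offset_hours) % 168
            value[slot // 8] |= 1 << (slot % 8)
    return bytes(value)


def decode_logon_hours(value, utc_offset_hours):
    """Return {day: sorted local hours in which logon is allowed}."""
    if len(value) != 21:
        raise ValueError("logonHours must be exactly 21 bytes")
    allowed = {day: [] for day in DAYS}
    for slot in range(168):
        if (value[slot // 8] >> (slot % 8)) & 1:
            local = (slot + utc_offset_hours) % 168
            allowed[DAYS[local // 24]].append(local % 24)
    return {day: sorted(hours) for day, hours in allowed.items()}


if __name__ == "__main__":
    raw = encode_logon_hours(WEEKDAYS_8_TO_18, 1)
    print(raw.hex())
    print(decode_logon_hours(raw, 1))
```

Decoding the attribute for the accounts that use the terminal server is a quick way to confirm that the hour at which the forced logoff fires is the one intended, since the stored bits are in UTC rather than local time.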


03-11-2011, 09:52 PM   #5
Fksxneng
Active Directory seems very easy and even I managed to set up a domain with GPOs linked to specific users and security groups and a few roaming profiles in about a day. Hardest area I found was DNS and I always found errors in event logs.

I think perfectmark's idea is also the best bet. Don't read, do. Use searches and play about with it, ideally by having two physical machines right next to each other and you'll soon get going.

I've never needed to use that function before so I had to learn it. It's a good example that quite a number of things you do in AD you'll essentially learn on the fly.
Yep, I agree. Set up the system as basic as possible - just be able to log on then play around with OUs, Security Groups, Logon Restrictions, Scripts etc.


03-11-2011, 10:09 PM   #6
Vomekayafboke
Active Directory seems very easy and even I managed to set up a domain with GPOs linked to specific users and security groups and a few roaming profiles in about a day. Hardest area I found was DNS and I always found errors in event logs.
Like most powerful software these days, it's only when something goes wrong you realise how much there is to learn about it.


03-11-2011, 10:14 PM   #7
Kiariitf
I would recommend reading up on Microsoft MCITP literature, probably for exam 70-640.
AD can get complex when you consider things like DNS, DHCP, FSMO roles, multiple sites, cross domain trusts, single forest-multiple domain configurations...

Installing and playing around with AD on a VM or something is worthwhile but you probably won't expose yourself to complex setups, which simulate how AD is deployed in larger enterprises. Some reading material (maybe even CBT videos) would go a long way.


03-11-2011, 10:30 PM   #8
Fksxneng
Like most powerful software these days, it's only when something goes wrong you realise how much there is to learn about it.
True, but most were out of my hands I think as many were that it could not find someinternetserver.com.

Anyway, it was a .local domain and I wasn't forwarding traffic through the AD server - I configured all the NICs to use our ISP's DNS in primary and our local DNS server as the secondary and the server was set to forward requests, again, to the ISP's DNS. Gateway was set to the router.

I'd be inclined that sites that could not be resolved by the primary were attempted to be requested by our DNS server, not resolved due to site not existing any more, then thrown up as an error in the event log.


03-11-2011, 10:41 PM   #9
Psymoussy
True, but most were out of my hands I think as many were that it could not find someinternetserver.com.

Anyway, it was a .local domain and I wasn't forwarding traffic through the AD server - I configured all the NICs to use our ISP's DNS in primary and our local DNS server as the secondary and the server was set to forward requests, again, to the ISP's DNS. Gateway was set to the router.

I'd be inclined that sites that could not be resolved by the primary were attempted to be requested by our DNS server, not resolved due to site not existing any more, then thrown up as an error in the event log.
Your PCs should only be using the local DNS (AD server). Your DNS server should be set to forward requests it can't answer to your ISP. I use OpenDNS myself. If you don't do it this way, you are just asking for trouble in an AD environment.
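One way to check clients for the resolver setup discussed above, as an added example that is not part of the original thread: it parses saved `ipconfig /all` output and reports any DNS server on an adapter that is not an AD DNS server. The sample output, the adapter name, the function names and all addresses are constructed.

```python
import ipaddress
import re

# Constructed `ipconfig /all` excerpt: ISP resolver first, AD DNS second.
SAMPLE_BAD = """\
Ethernet adapter Local Area Connection:

   IPv4 Address. . . . . . . . . . . : 192.168.1.50(Preferred)
   DNS Servers . . . . . . . . . . . : 203.0.113.53
                                       192.168.1.10
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""
SAMPLE_GOOD = SAMPLE_BAD.replace("203.0.113.53", "192.168.1.11")
AD_DNS = {"192.168.1.10", "192.168.1.11"}  # assumed AD DNS server addresses
DNS_LINE = re.compile(r"^\s+DNS Servers[ .]*:\s*(\S+)")

def _as_ip(text):
    """Return a normalised IP string, or None if text is not an address."""
    try:
        return str(ipaddress.ip_address(text.strip().split("%")[0]))
    except ValueError:
        return None

def dns_servers_by_adapter(ipconfig_text):
    """Map adapter name -> ordered DNS server list from `ipconfig /all` text."""
    adapters, current, in_dns = {}, None, False
    for line in ipconfig_text.splitlines():
        if line and not line[0].isspace() and line.rstrip().endswith(":"):
            current, in_dns = line.rstrip()[:-1], False
            adapters[current] = []
            continue
        match = DNS_LINE.match(line)
        if match:
            ip, in_dns = _as_ip(match.group(1)), True
        else:
            # Extra servers follow as indented lines holding only an address.
            ip = _as_ip(line) if in_dns else None
            in_dns = ip is not None
        if ip and current:
            adapters[current].append(ip)
    return adapters

def non_ad_resolvers(ipconfig_text, ad_dns=AD_DNS):
    """Return {adapter: [resolvers outside ad_dns]}, omitting clean adapters."""
    parsed = dns_servers_by_adapter(ipconfig_text)
    stray = {a: [s for s in ips if s not in ad_dns] for a, ips in parsed.items()}
    return {a: ips for a, ips in stray.items() if ips}
```

Run over output collected from each workstation, an empty result means every adapter resolves only through the AD DNS servers, which then forward what they cannot answer.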


03-11-2011, 10:45 PM   #10
Fksxneng
Your PCs should only be using the local DNS (AD server). Your DNS server should be set to forward requests it can't answer to your ISP. I use OpenDNS myself. If you don't do it this way, you are just asking for trouble in an AD environment.
Hmm, seemed to work fine on the 20 PCs set up like that, but will take that into account next time I set up a domain network.


03-11-2011, 10:53 PM   #11
Psymoussy
Hmm, seemed to work fine on the 20 PCs set up like that, but will take that into account next time I set up a domain network.
Oh it will seem to work for sure, but will cause issues in the long run. Local services and programs on the network will have issues eventually. You will also see a lot more errors in event viewer. On a small network the problems won't really show themselves, but on a large network they will be more apparent.

I've seen issues with group policy not applying correctly too or not at all. Then it will start working again only to not work some time down the road.


03-11-2011, 11:05 PM   #12
Fksxneng
Yeah, I didn't have issues with setting GPOs as I repackaged programs into MSIs to install at logon so I never really bothered to see if how I set up the network was right or wrong really. Was more of a toy if days were slow I'd play with an option or two.



All times are GMT +1.