Active Directory 4th Edition is the latest update to the classic book on the subject.  I have read at least parts of each of the previous versions and I find it becomes more valuable with each succeeding edition.

Four authors are credited on the cover: Brian Desmond, Joe Richards, Robbie Allen and Alistair G Lowe-Norris.  It might seem to be a book written by committee but what seems to have happened is that each author has been responsible for an edition and built on the work on the previous author(s).

At 789 pages and 33 chapters the book sets out to be a comprehensive guide to “Designing, Deploying and Running Active Directory” and succeeds admirably. Apart from a lot of exercise carrying the book around what do we actually get between the covers?

The book is split into 3 parts. Part 1 covers Active Directory Basics, Part 2 is concerned with the design aspects (though is should be labelled design and deploy) and part 3 is all about scripting.  Part 1 starts with a brief overview of AD history and moves through the fundamental building blocks of AD including Schema, Sites, Replication, DNS and GPOs. Full chapters are devoted to Read Only Domain Controllers and Fine-Grained Password Policies.  Part 2 covers the standard design tasks – forests, domains, OUs,sites, GPOs – and includes a good chapter on AD security. One of the most useful features of the book from my view point is the set of chapters detailing the issues involved in upgrading to a particular version of AD including the new features that appear with each version.

Part 3 is concerned with scripting AD. Opening with good chapters on ADSI and IADS the succeeding chapters show how to work with users and groups, permissions and the schema. WMi gets a brief mention as does DNS. The chapter on programming .NET seems to be there for completeness but does provide a good overview of the subject. The section continues with  two chapters providing an introduction to PowerShell and scripting with PowerShell. The concluding two chapters cover scripting Exchange 2003 and 2007.

Part 3 has a lot of really good information but has the feel that it is becoming slightly disjointed as more material is crammed into it.  For instance the PowerShell examples take the approach of building a test lab but it may have been more helpful to done more to compare and contrast with the earlier VBScript examples.  Another example is in Chapter 26 where it repeatedly talks about usign a COM object to extend the GUI tools – an example would be good even if it was a download. For the next edition I would hope this section is completely revisited especially given the inclusion of PowerShell v2 in Windows 2008 R2 and the AD and GPO PowerShell functionality. One possibility would be to look at the content of this section and the AD Cookbook and think about some rearranging.

Overall this is an excellent book that should be kept close to hand by anyone who is serious about  working with AD. Seriously recommended.