I am a certified .NET Developer, and I do a lot of SharePoint development at work. Adding/editing/deleting users requires using AD and of course, anything to do with the site structure in SharePoint has a relation to IIS.
As a developer, what do I need to know about IIS/AD and Windows Server as a whole? One of the things I am wondering is how can I make a user be included in several groups?
Thanks
Understanding Active Directory: Any user can be in many groups in AD; the problem is how to get them there. Doing it programmatically is possible and easy enough, but the question is: does your security policy allow that sort of thing? Who controls the AD where your app is to be deployed, and how tightly, has more to do with that sort of thing than the actual technical details of adding people to groups. These are great questions to start asking before you get to the rollout phase.
The same goes for IIS. The policy issues are almost always greater than the technical ones. Asking what you can and can't do without raising a fuss is a great start. The use of virtual directories, and virtual sites is another good thing to get your head around.
And as long as you're asking, here are a few more things I wish more developers were interested in understanding.
A server is not a permanent unchanging entity: hardware gets replaced, ISPs change, drives fill. Don't hard code things like absolute file paths, IP addresses, and server names.
Another big one is to know what your application actually needs to run. On a server nobody really wants to have to install all the bells and whistles ever because the developer can't tell you what they're calling. One app that lives in memory for me is one where I ended up having to install MSSQL Server 2005 on a web server just because the code wouldn't run without it. Eventually (months and hours' work later) we figured out what was going on and how to avoid that. If it hadn't been so important an app with such clout behind it I would have shoved it back and said "absolutely not, because that is a HUGE security risk."
Those sorts of things cause endless troubleshooting headaches on the back end. "It works on my machine" is only so helpful because you probably have a ton more tools on your machine than we want installed on a server. Also a test environment should be as close as possible to production to eliminate these sorts of issues.
From my experience, these are the areas I wish the devs knew more about:
IIS. Especially important for ASP.Net apps. A few key areas to look into:
IP Binding and Host Headers. When you create a new IIS site, making sure you know how to configure the IP and host headers correctly.
Application Pool Settings. There are a number of settings here that impact your application, including timeout values and recycling. Be sure to understand how those might impact your sessions.
Enabling Methods. If you are doing a REST API, know how to enable additional methods like PUT.
SSL Certificates. Understand how to install an SSL certificate and how the process of getting a certificate works.
Performance Tweaks. Ensure you know how to enable GZIP, disable e-tags, configure content expiration, and set cache headers. Use Fiddler to see how IIS is responding to requests. You can dramatically improve your application's performance with a few simple changes.
WCAT. Related to IIS, but understand how to set up WCAT and set up load testing for your application. That way you can have hard data on your application's response time and limitations.
Permissions. Understand what permissions need to be on what folders in your application. For example, if your app writes to a folder, do you need to give NETWORK_SERVICE access to that folder?
Windows Firewall. Seems basic, but especially for Windows Server 2008, understand how to add an entry to the firewall, set the port, set the scope, etc.
SMTP Server. Understand how to set up, configure, and troubleshoot the Windows SMTP Server. You may also want to look at HMailServer as an alternative to use with your apps. Also, read up on SPAM filtering and how to correctly create emails (proper from, to, multipart messages, etc).
SQL Server IP and Port Binding. Not directly related to Windows Server, but comes up a lot. Understand how to set up SQL Server to bind to a specific IP and port. Know the difference between dynamic and static ports, how to set up and connect to non-standard ports, how to construct connection strings using instance names and custom ports.
Many of the items on the above list are in the domain of Server Admins, but you can make yourself much more valuable if you can understand and troubleshoot those areas.
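For the Permissions item in the list above, one way to give the service account write access to a single folder and nothing broader. This is an added example, not part of the original answer; the function name, the paths in the usage line and the default account string are assumptions.

```powershell
function Grant-AppFolderWrite {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)][string] $AppRoot,
        [Parameter(Mandatory = $true)][string] $WritableSubfolder,
        # Assumed default; use the identity your application pool actually runs as.
        [string] $Account = 'NT AUTHORITY\NETWORK SERVICE'
    )

    $target = Join-Path -Path $AppRoot -ChildPath $WritableSubfolder
    if (-not (Test-Path -Path $target -PathType Container)) {
        throw "Folder not found: $target"
    }

    # Modify (not FullControl) on this folder and its children only.
    $inherit = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule -ArgumentList `
        $Account, 'Modify', $inherit, 'None', 'Allow'

    $acl = Get-Acl -Path $target
    $acl.AddAccessRule($rule)
    if ($PSCmdlet.ShouldProcess($target, "Grant Modify to $Account")) {
        Set-Acl -Path $target -AclObject $acl
    }

    # Check whether the same account can already write to the application root,
    # where code and configuration live. Only grants made directly to $Account
    # are checked; grants through groups such as Users are not resolved here.
    $write = [System.Security.AccessControl.FileSystemRights]::WriteData
    $rootWrites = @((Get-Acl -Path $AppRoot).Access | Where-Object {
        $_.IdentityReference.Value -eq $Account -and
        $_.AccessControlType -eq 'Allow' -and
        ($_.FileSystemRights -band $write) -ne 0
    })

    [pscustomobject]@{
        Folder       = $target
        Account      = $Account
        Granted      = 'Modify'
        RootWritable = ($rootWrites.Count -gt 0)
    }
}

# Hypothetical paths; -WhatIf reports the change without applying it.
Grant-AppFolderWrite -AppRoot 'D:\Sites\Intranet' -WritableSubfolder 'App_Data\uploads' -WhatIf
```

A `RootWritable` value of `True` means the account can modify the application's own files, which is worth raising with whoever owns the server before deployment.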
Hmm, this might actually be a stackoverflow.com question (to get answers from other programmers). If you're wondering what a sysadmin might want programmers to know, I'd say:
Performance monitoring - the easier your code is on the hardware, the better
Understand (and document) how your code interacts with different versions of IIS and SharePoint
As to your group membership question, I'd use the GUI or DSADD - but you're probably looking for code there? We can get this question migrated over to the sister site if you were really looking for coder input.
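For the group membership question, a scripted version that adds one user to several groups, skips memberships that already exist, and returns one record per group for the change log. This is an added example, not part of the original answer; it assumes the ActiveDirectory module (RSAT) is installed and that the caller has been delegated rights on the groups, and the function, account and group names are hypothetical.

```powershell
#Requires -Modules ActiveDirectory

function Add-UserToGroups {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)][string]   $SamAccountName,
        [Parameter(Mandatory = $true)][string[]] $GroupName
    )

    # Resolve the user once; a missing account stops the run before any change.
    $user = Get-ADUser -Identity $SamAccountName -ErrorAction Stop

    # Groups the user is already a member of, so repeat runs change nothing.
    $current = @(Get-ADPrincipalGroupMembership -Identity $user |
        Select-Object -ExpandProperty DistinguishedName)

    foreach ($name in $GroupName) {
        $result = [pscustomobject]@{
            User = $user.SamAccountName; Group = $name; Action = $null
        }
        try {
            $group = Get-ADGroup -Identity $name -ErrorAction Stop
            if ($current -contains $group.DistinguishedName) {
                $result.Action = 'AlreadyMember'
            }
            elseif ($PSCmdlet.ShouldProcess($group.DistinguishedName,
                    "Add $($user.SamAccountName)")) {
                Add-ADGroupMember -Identity $group -Members $user `
                    -Confirm:$false -ErrorAction Stop
                $result.Action = 'Added'
            }
            else {
                $result.Action = 'Skipped'
            }
        }
        catch {
            # Typically an unknown group or insufficient rights on that group.
            $result.Action = "Failed: $($_.Exception.Message)"
        }
        $result
    }
}

# Hypothetical names; -WhatIf lists the intended changes without making them.
Add-UserToGroups -SamAccountName 'jdoe' -GroupName 'SP-Site-Members', 'SP-Site-Approvers' -WhatIf
```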
I'd recommend knowing 32-bit vs. 64-bit and how much memory your apps (web via IIS or winforms) can consume. I'd also look into IIS7 specifically for all the interfaces, events and overall access to the processing pipeline that can take advantage of windows services.
Active Directory (AD) general knowledge is definitely useful if your app requires it for authentication. Be aware of accounts and permissions as web apps and winforms or general applications all have to run under an active directory account. IIS processes all run under IUSR_machinename and file shares are also bound by security rights. It may seem inconsequential during development as no one may think of the issue but Windows domains are tightly bound by AD and their permissions/ACLs affect everything inside the domain. Just something to make a note of. Note: Also AD policies can affect apps as well.
I'd also recommend working with the EventLogging (for errors and app messages) within the .NET platform as some of the apps I've worked on we had to create our own (error) logging system all the while we had the Windows EventLog available to us. It wasn't difficult in creating a logging system, but why do more work when the EventLog is already available?
Also from an application perspective, I'd look into Microsoft Message Queuing (MSMQ). If your app/site has a lot of data being shuffled across database and web servers or needs to send data to other systems/applications, queuing is a useful technique and MSMQ is free and built into Windows Server. MSMQ is a transactional based messaging system and can be very useful for applications that have dynamic data needs. Sorry to be vague, but to go into MSMQ would take a lot of effort and may be overkill. I'd recommend reading about MSMQ and the general concept of it at MSDN or Wikipedia for starters.
Hope this helps!
Edit: I'd ask the specific question on adding a user (I assume via .NET) to different groups on Stackoverflow, but I thought that the general question about AD and Windows was appropriate for Serverfault.
It depends very much what your role is.
If you have an Architect / Lead Developer role, then you need to know how the system is going to work in production.
If you are doing any deployment you also need to know about the platforms you are going to install on.
If you are a developer who is just getting tasks like "write a function that does x", you do not need to know much.
The interesting thing here is that the market value of a developer who understands the operations side is much higher than someone who is just a developer.
Don't you ever ever turn on Windows System Resource Manager. It will eat 9-11% CPU at all times for nobody knows what.