Examining a Windows NT Infrastructure (2)

Presentation transcript:

Examining a Windows NT Infrastructure (2) (Skill 1)
- Number and configuration of domains and trusts
  - Defines the domain model in use
  - Of utmost concern when upgrading rather than restructuring
- Types of domain models used in Windows NT
  - Single master
  - Multi-master
  - Mesh (full trust)

Examining a Windows NT Infrastructure (3) (Skill 1)
- Single master domain model
  - Consists of one account domain trusted by one or more resource domains
  - User accounts are contained in the account domain (also called master domain)
  - Resources are administered from the resource domain
  - Advantage: centralized model with well-defined administrative boundary
  - Disadvantages: reduced user limits and potential for excessive WAN traffic

Examining a Windows NT Infrastructure (4) (Skill 1)
- Multi-master domain model
  - Consists of multiple account and resource domains, with master domains all trusting each other and resource domains trusting all master domains
  - Accounts are contained in all master domains
  - Resources are administered in the resource domain
  - Advantages: fairly well-centralized, strong administrative boundaries, and higher account limits than single master
  - Disadvantages: increased complexity and still some potential for excessive WAN traffic

Examining a Windows NT Infrastructure (5) (Skill 1)
- Mesh (full trust) domain model
  - Contains multiple domains that all trust all other domains
  - Accounts and resources are administered in each domain
  - Advantages: unlimited account limits and few traffic problems
  - Disadvantages: very complex administrative structure, difficult to administer if more than four domains, requires defining and administering an excessive number of trust relationships

Examining a Windows NT Infrastructure (6) (Skill 1)
- Administrative model
  - Normally follows domain structure
  - Important to understand because the model helps define administrative boundaries in new network
  - Most accurate way to determine is to examine daily functions of each member of administrative team
  - Other methods
    - Interviewing administrative or IT management
    - Examining permissions, rights, and group memberships
  - Helpful to create diagram once examination is complete

Examining a Windows NT Infrastructure (7) (Skill 1)
- Replication
  - Almost entirely dependent on domain model chosen and domain controller layout
  - Windows NT uses replicator service to replicate file and folder structures to specific servers
  - In Windows Server 2003 and Windows 2000 Server, this function has been taken over by the File Replication Service (FRS)
  - During design process, you must know which folders will need to be replicated by FRS, which almost always includes a subset of the files currently replicated by the replicator service

Examining a Windows NT Infrastructure (8) (Skill 1)
- System policies
  - Currently configured system policies provide a good starting point on which to base Group Policies
  - System policies also define rights assignments, which are important when designing the security and administrative structure of the new network

Examining a Windows NT Infrastructure (9) (Skill 1)
- Group structure
  - Must take into account global and local group memberships
  - In many Windows NT networks, global groups are used almost exclusively, which leads to a large number of global groups
  - Rearrange group structure to utilize both global and local groups and follow the Microsoft rule
  - Microsoft rule (A-G-DL-P): Put user accounts (A) into global groups (G), put global groups into domain local groups (DL), and then grant permissions (P)
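
An added example, not part of the original slides: one way to check an exported group and permission inventory against the A-G-DL-P rule described above. The users, groups, share paths and finding labels are constructed for illustration, and the input layout (a scope and member list per group, plus resource/trustee/permission entries) is an assumption about how the inventory was exported.

```python
# Constructed sample data; every name below is illustrative, not from the slides.
USERS = {"alice", "bob", "carol"}
GROUPS = {
    "G_Sales":      {"scope": "global",       "members": ["alice", "bob"]},
    "G_Finance":    {"scope": "global",       "members": ["carol"]},
    "DL_Sales_RW":  {"scope": "domain_local", "members": ["G_Sales"]},
    "DL_Reports_R": {"scope": "domain_local", "members": ["G_Finance", "bob"]},
}
ACL = [  # (resource, trustee, permission)
    (r"\\FS1\Sales",   "DL_Sales_RW",  "Modify"),
    (r"\\FS1\Reports", "DL_Reports_R", "Read"),
    (r"\\FS1\Payroll", "G_Finance",    "Modify"),
    (r"\\FS1\Payroll", "carol",        "FullControl"),
]


def audit_agdlp(users, groups, acl):
    """Return (finding, where, who) tuples for every break in the A-G-DL-P chain."""
    findings = []
    for name, group in sorted(groups.items()):
        for member in group["members"]:
            if member not in users and member not in groups:
                findings.append(("unknown-member", name, member))
            elif group["scope"] == "domain_local" and member in users:
                findings.append(("user-in-domain-local", name, member))  # skips G
            elif group["scope"] == "global" and member in groups \
                    and groups[member]["scope"] == "domain_local":
                findings.append(("domain-local-in-global", name, member))
    for resource, trustee, _perm in acl:
        if trustee in users:
            findings.append(("permission-to-user", resource, trustee))
        elif trustee not in groups:
            findings.append(("unknown-trustee", resource, trustee))
        elif groups[trustee]["scope"] == "global":
            findings.append(("permission-to-global-group", resource, trustee))
    return findings


def effective_users(trustee, users, groups, _seen=None):
    """Expand a trustee to the user accounts that receive its permissions."""
    seen = set() if _seen is None else _seen
    if trustee in users:
        return {trustee}
    if trustee not in groups or trustee in seen:  # unknown name or nesting loop
        return set()
    seen.add(trustee)
    result = set()
    for member in groups[trustee]["members"]:
        result |= effective_users(member, users, groups, seen)
    return result


if __name__ == "__main__":
    for finding in audit_agdlp(USERS, GROUPS, ACL):
        print(finding)
    print(sorted(effective_users("DL_Reports_R", USERS, GROUPS)))
```

Each finding marks a place where the existing structure would need to be rearranged before migration: a user placed straight into a domain local group, or a permission granted to a global group or to an individual account.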

Examining a Windows NT Infrastructure (10) (Skill 1)
- Domain controller configuration
  - If reusing existing domain controllers, hardware specifications become critical
  - Check compatibility and ability to scale
  - Perform a pilot upgrade if possible
  - If a pilot is not possible, use Performance Monitor or third-party tools to determine peak number of interactive logins that must be supported by each domain controller (primary metric)
  - RAM, disk, and network requirements fairly static
  - Processor requirements depend on number of users interactively logging in during peak period
  - Take other services into account

Examining a Windows NT Infrastructure (11) (Skill 1)
- Domain controller placement
  - Analysis of current placement helps determine the areas of the network that may be prone to performance or reliability constraints

Figure 3-1 Single master domain model (Skill 1)

Figure 3-2 Multi-master domain model (Skill 1)

Figure 3-3 Mesh domain model (Skill 1)

Figure 3-4 A diagram of a simple administrative model (Skill 1)

Figure 3-5 The Microsoft Rule (Skill 1)

Examining a Windows 2000 Infrastructure (Skill 2)
- Redesigning a Windows 2000 Active Directory-based infrastructure typically requires a more thorough examination of the existing infrastructure than when redesigning a Windows NT infrastructure
- Active Directory adds significant complexity to the environment

Examining a Windows 2000 Infrastructure (2) (Skill 2)
- Factors to consider when designing an Active Directory-based network
  - Forest and tree design
  - Existing manual trust relationships
  - DNS configuration
  - Site configuration
  - Schema modifications
  - Organizational unit (OU) design

Examining a Windows 2000 Infrastructure (3) (Skill 2)
- Factors to consider when designing an Active Directory-based network
  - Active Directory security settings
  - Group Policy
  - Sysvol requirements
  - Global catalog server requirements
  - Security and distribution group configuration
  - Flexible Single Master of Operations (FSMO) role configuration

Examining a Windows 2000 Infrastructure (4) (Skill 2)
- Forest and tree design
  - Forest design affects number of schemas, administrative model, number of global catalogs, and trust design
  - If a network contains more than one forest, you should know the reasoning behind that decision
  - Importance of tree design
    - It describes the network's domain naming model
    - It defines the configuration of default trust relationships within the forest(s)

Examining a Windows 2000 Infrastructure (5) (Skill 2)
- Existing manual trust relationships
  - Types of manual trusts
    - Shortcut trusts (manual two-way transitive trusts, also known as explicit trusts)
    - One-way trusts (typically established between Windows NT and Active Directory domains or different Active Directory forests)
  - Must understand reasoning behind why they exist, because it may influence new design

Examining a Windows 2000 Infrastructure (7) (Skill 2)
- Site configuration
  - Sites are commonly misconfigured
  - Pay special attention to site links and the relationship between physical topology and site topology
  - Mistakes can lead to significantly higher WAN link usage

Examining a Windows 2000 Infrastructure (8) (Skill 2)
- Schema modifications
  - Of concern because schema modifications can make drastic changes to the functionality of Active Directory
  - Examine the number and type of schema modifications, organization's schema modification guidelines, and reasoning
  - Failure to take schema modifications into account can lead to last minute schema modifications, which can cause massive Active Directory replication and other problems

Examining a Windows 2000 Infrastructure (9) (Skill 2)
- Organizational unit (OU) design
  - One of most significant factors in Active Directory design
  - Affects administrative delegation, object organization, and Group Policy application within each domain

Examining a Windows 2000 Infrastructure (10) (Skill 2)
- Organizational unit (OU) design
  - Need to analyze certain facets
    - Structure of the OU design
    - Number of levels present in the OU design
    - Organization (or lack thereof) in the design
    - Delegation of permissions
    - Group Policies applied to OUs
    - Use of Block Inheritance and No Override permissions
    - Contents of each OU

Examining a Windows 2000 Infrastructure (11) (Skill 2)
- Active Directory security settings
  - Related to OU design
  - Typically applied to one or more groups within the structure in the form of delegated permissions applied to the OU
  - Sometimes applied to individual objects
  - All should be examined thoroughly

Examining a Windows 2000 Infrastructure (12) (Skill 2)
- Group Policy
  - Settings have a significant impact on operation of systems within the network
  - Note which Group Policy Objects (GPOs) are applied at site, domain, and OU levels
  - Examine each GPO to determine its configured settings
  - Examine use of No Override and Block Inheritance
  - Examine permissions configured on each Group Policy

Examining a Windows 2000 Infrastructure (14) (Skill 2)
- Global catalog server requirements
  - Examine locations, paying special attention to locations that do not contain any global catalog servers
  - Examine the configuration of each existing global catalog server
  - Examine reliability and performance statistics
  - Examine network traffic related to global catalog replication and queries

Examining a Windows 2000 Infrastructure (16) (Skill 2)
- Flexible Single Master of Operations (FSMO) role configuration
  - Examine placement of these roles closely, because they are so important
  - Make sure in new design that you transfer roles as necessary to achieve maximum level of reliability and redundancy

Examining a Windows 2000 Infrastructure (17) (Skill 2)
- FSMO role configuration
  - Obtain the following information on servers currently hosting FSMO roles
    - Server hardware configuration
    - Server performance and reliability statistics
    - Backup records or logs
    - Other services configured
    - Security settings
    - Whether the server is a global catalog server
    - Whether the server hosts more than one FSMO role

Figure 3-9 Analyzing Group Policy application (Skill 2)