70-270, MCSE/MCSA Guide to Installing and Managing Microsoft Windows XP Professional and Windows Server 2003 Chapter One Introduction to Windows and Networking
Objectives
Differentiate between the editions of Windows XP Professional
Differentiate between the editions of Windows Server 2003
Explain Windows Server 2003 network models and server roles
Explain Windows Server 2003 Active Directory concepts
Install Active Directory on a domain controller

The Microsoft Networking Family
Collection of operating systems (OSs)
–Work directly with hardware to provide environment in which other software operates
Server: Computer that hosts resources for use by other systems on network
Client: Typically systems on workers’ desks
Application programming interface (API): Provides set of software routines enabling an application to access operating services on local and network computers

Common Features in Windows XP and Windows Server 2003
Multiple Processors:
–Multiprocessing: Capable of supporting multiple CPUs
    Multiple applications can run simultaneously
Multitasking: Computer processes multiple tasks simultaneously
–Preemptive multitasking: Windows maintains strict control over how long execution threads can take possession of CPU
–Cooperative multitasking: Individual applications take control over CPU for as long as they like

Common Features in Windows XP and Windows Server 2003 (continued)
Multithreading: Individual tasks within a process space can operate more or less independently as threads
–Thread: Minimal unit of code in an application or system that can be scheduled for execution
–CPU can run only single thread at a time
    Process of switching between active threads is so fast that system appears to run programs simultaneously

Common Features in Windows XP and Windows Server 2003 (continued)
File Systems: Used to format volumes and partitions on hard drives
–File allocation table (FAT): File system originally used by DOS
–FAT32: Enhancement of FAT16 file system developed for Windows 95 OSR2 and included in Windows 98
–New Technology File System (NTFS): High-performance, secure, object-oriented file system first introduced in Windows NT
    NTFS version 5 preferred file system for Windows Server 2003 and Windows XP

Windows XP
Windows XP Professional: Ideal client OS for connecting to and interacting with a Windows 2000 Server or Windows Server 2003 domain
Windows XP 64-Bit Edition: Specialized version of Windows XP Professional designed for the 64-bit Itanium 2 processor from Intel
Windows XP Media Center Edition: Designed specifically for computers that serve as multimedia operation centers

Windows XP (continued)
Table 1-1: Windows XP Professional system requirements

Windows XP (continued)
Windows XP Tablet PC Edition: Designed specifically for use on tablet PCs
–Improved speech and pen capabilities
Windows XP Home Edition: Designed for standalone home use
–Basically same as Windows XP Professional but does not support several business-level features

Windows Server 2003 Editions: Standard Edition
Designed to meet everyday needs of small to large businesses
–Or to function as departmental server in larger environments
–File and print services, secure Internet connectivity, and centralized management of network resources
Supports up to four processors in symmetric multiprocessing (SMP) system
Up to 4GB of RAM
Lacks support for Itanium platform and clustering

Windows Server 2003 Editions: Standard Edition (continued)
Table 1-2: Windows Server 2003, Standard Edition, system requirements and feature support

Windows Server 2003 Editions: Enterprise Edition
Designed to meet needs of organizations that support higher-end applications
–Up to eight processors
–Provides clustering capabilities for up to eight nodes
    Link multiple systems so that they function as one
–Non-Uniform Memory Access (NUMA) support for SMP computers
–Supports Microsoft Metadirectory Services (MMS)
–Includes Windows System Resource Manager (WSRM)

Windows Server 2003 Editions: Enterprise Edition (continued)
Table 1-3: Windows Server 2003, Enterprise Edition, system requirements and feature support

Windows Server 2003 Editions: Datacenter Edition
Designed for environments with mission-critical applications, very large databases, transaction-processing systems, and information access requiring highest possible degree of availability
–Supports between 8 and 32 processors
Can be obtained only from original equipment manufacturers (OEMs)

Windows Server 2003 Editions: Datacenter Edition (continued)
Table 1-4: Windows Server 2003, Datacenter Edition, system requirements and feature support

Windows Server 2003 Editions: Web Edition
Designed for hosting and deploying Web services and related applications
–Supports up to two processors
–Specifically optimized to run IIS 6.0
–Can’t be configured as a domain controller

Windows Server 2003 Editions: Web Edition (continued)
Table 1-5: Windows Server 2003, Web Edition, system requirements and feature support

Activity 1-1: Determining the Windows Server 2003 Edition Installed on a Server
Objective: Determine the edition of Windows Server 2003 installed on your server
–Use System Properties dialog box

Windows Networking Concepts Overview
Two security models used in Windows network environments:
–Workgroup model: Used by smaller organizations
–Domain model: Used by larger organizations
Three possible roles for Windows Server:
–Standalone server
–Member server
–Domain controller

Workgroups
Logical group of computers characterized by decentralized security and administration model
Security Accounts Manager (SAM) database: Used to perform authentication
Users need unique user account configured on each workstation they log on to
Should be used in networks with 10 or fewer client systems
Does not explicitly require a server

Workgroups (continued)
Figure 1-2: The workgroup model

Domains
Logical group of computers characterized by centralized authentication and administration
User, group, and computer accounts stored in centralized directory database
–Active Directory
–Domain controller: Computer(s) storing database
–Users authenticated through domain controller
Highly recommended in environments with more than 10 users or workstations
Requires at least one server to be configured as domain controller

Domains (continued)
Figure 1-4: The domain model

Domain Controllers
Windows Server system configured to store copy of directory database
Service user authentication requests or queries about domain objects
–Primary domain controllers (PDCs) or backup domain controllers (BDCs)
One PDC per domain
–Holds master copy of domain database objects
Servers promoted to role of domain controller using Active Directory Installation Wizard or Configure Your Server Wizard

Member Servers
Systems that have an account in a domain but not configured as domain controller
–Used for wide variety of functions
    Including file, print, and application services
–Commonly host network services
    e.g., Domain Name Service (DNS) and Routing and Remote Access Service (RRAS)

Activity 1-2: Determining the Domain or Workgroup Membership of a Windows Server 2003 System
Objective: Determine the domain or workgroup membership of a Windows Server 2003 system
–Use System Properties dialog box

Computer Accounts
Computers running Windows NT, Windows 2000, Windows XP, or Windows Server 2003 assigned computer accounts as part of joining a domain
–Provides method for authenticating computers that are members of a domain and auditing access to network resources
In Active Directory, computer accounts represented as computer objects
–Can be viewed using administrative tools
    Such as Active Directory Users and Computers

Introduction to Windows Server 2003 Active Directory
Directory service: Provides central means of storing, managing, and accessing information about network objects belonging to domain(s)
Active Directory: Native directory service included with Windows Server 2003
–Central point for storing, organizing, managing, and controlling network objects
–Single point of administration of objects and Active Directory published resources
–Logon and authentication services for users
–Delegation of administration

Active Directory Time Synchronization
When change transaction made to an Active Directory domain controller, it is time stamped and sent to other domain controllers
–Domain controllers must synchronize internal clocks
    Network Time Protocol (NTP)

Domain Name Services
Active Directory uses Domain Name Service (DNS) to maintain domain-naming structures and locate network resources
–Active Directory names must follow standard DNS naming conventions

Active Directory Objects
Object: Represents network resources
–i.e., users, groups, computers, and printers
When object created in Active Directory, attributes assigned to supply information about object
Can perform search of specific attributes related to objects

Active Directory Objects (continued)
Figure 1-6: Creating a new user object

Active Directory Schema
Defines objects and attributes for entire Active Directory structure
–One schema for an Active Directory implementation
    Replicated among all domain controllers on network
Consists of two main definitions:
–Object classes: Types of objects able to be created
–Attributes: Describe the object
    Created and stored separately in schema
    Can be used with multiple object classes

Active Directory Logical Structure and Components
Logical components that make up an Active Directory structure:
–Domains and organizational units
–Trees and forests
–Global catalog

Domains and Organizational Units
Organizational unit (OU): Logical container for organizing objects in a single domain
–Store users, groups, computers, and other OUs
–Easier to locate and manage Active Directory objects
–Ability to apply group policy settings to define more advanced features
–Ability to delegate administrative control over OUs

Domains and Organizational Units (continued)
Figure 1-8: An Active Directory domain and OU structure

Trees and Forests
May need multiple domains within network
Forest root domain: First Active Directory domain created in an organization
–When multiple domains needed, connected to forest root to form single tree or multiple trees
Tree: Hierarchical collection of domains
–Share contiguous DNS namespace
Transitive trust: All trusted domains implicitly trust one another
Forest: Collection of trees that do not share contiguous DNS naming structure

Trees and Forests (continued)
Figure 1-9: The Dovercorp.net domain tree

Trees and Forests (continued)
Figure 1-10: Creating an Active Directory forest

Global Catalog
Index and partial replica of objects and attributes most often used throughout the Active Directory structure
Used primarily to:
–Enable users to find Active Directory information
–Provide universal group membership information for logging on to network
–Supply authentication services when users from other domains log on with User Principal Name (UPN)
–Respond to directory lookup requests

Active Directory Communication Standards
Lightweight Directory Access Protocol (LDAP): Used to query or update Active Directory database directly
–Follows specific naming convention
Distinguished name: Unique for every object
–Domain component (DC)
–Common name (CN)
Relative distinguished name (RDN): Portion of DN that uniquely identifies the object in the container

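Added example (not part of the original slides): splitting a distinguished name into its RDN, container, and DC components, including the case where a value contains an escaped comma, which a plain split on "," gets wrong. It assumes the RFC 4514 string form with single-valued RDNs; the function names and the user and OU names in the sample are constructed, and only the Dovercorp.net domain name comes from the slides.

```python
import re

# Constructed sample: only the Dovercorp.net domain name comes from the slides.
SAMPLE_DN = r"CN=Cowan\, Moira,OU=Marketing,DC=Dovercorp,DC=net"

def split_dn(dn):
    """Split a DN into RDN strings on unescaped commas only."""
    rdns, current, i = [], [], 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            current.append(dn[i:i + 2])      # keep the escape pair together
            i += 2
        elif dn[i] == ",":
            rdns.append("".join(current).lstrip())
            current, i = [], i + 1
        else:
            current.append(dn[i])
            i += 1
    rdns.append("".join(current).lstrip())
    return rdns

def unescape(value):
    """Undo RFC 4514 escaping: hex pairs (\\2C) and single-character escapes (\\,)."""
    out, i = bytearray(), 0
    while i < len(value):
        if value[i] == "\\" and i + 1 < len(value):
            if re.fullmatch(r"[0-9A-Fa-f]{2}", value[i + 1:i + 3]):
                out.append(int(value[i + 1:i + 3], 16))
                i += 3
                continue
            i += 1                           # drop the backslash, keep next char
        out += value[i].encode("utf-8")
        i += 1
    return out.decode("utf-8")

def parse_dn(dn):
    """Return [(attribute_type, value), ...], most specific component first."""
    parts = []
    for rdn in split_dn(dn):
        attr, sep, value = rdn.partition("=")
        if not sep or not attr.strip():
            raise ValueError(f"malformed RDN: {rdn!r}")
        parts.append((attr.strip().upper(), unescape(value)))
    return parts

def dns_domain(dn):
    """Join the DC components into the DNS name of the domain."""
    return ".".join(v for t, v in parse_dn(dn) if t == "DC")

def rdn_and_container(dn):
    """The leftmost component is the RDN; the remainder names its container."""
    rdns = split_dn(dn)
    return rdns[0], ",".join(rdns[1:])
```

A plain SAMPLE_DN.split(",") yields five pieces and would report " Moira" as the object's container, which matters whenever an access or delegation decision is keyed on the OU portion of a DN.
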
Active Directory Physical Structure
Relates to actual connectivity of physical network
–Must ensure that modifications to Active Directory database replicated quickly between domain controllers
–Must design topology so that replication doesn’t saturate available network bandwidth
Active Directory site: Combination of one or more Internet Protocol (IP) subnets linked by high-speed connection
Site link: Configurable object
–Represents connection between sites

Active Directory Physical Structure (continued)
Figure 1-11: The site structure of Dovercorp.net

Setting Up Active Directory: Plan the Domain Structure
Define domains needed
–Reasons for implementing multiple domains:
    Delegation of administrative tasks
    Geographical location
    Security
    High number of objects
When a Windows Server 2003 computer promoted to domain controller, given options to add server to existing domain or to create new domain

Setting Up Active Directory: Plan the Domain Structure (continued)
Figure 1-12: Options for creating a new domain

Setting Up Active Directory: Plan the Namespace
Active Directory uses hierarchical domain-based name structure to locate network computers
Active Directory uses NetBIOS names for backward compatibility with older systems
–NetBIOS names not based on hierarchical system of domains
Public namespace: Allows users to access network resources from any location
Private namespace: Contained only on internal DNS servers

Setting Up Active Directory: Plan the Namespace (continued)
Figure 1-13: Configure TCP/IP settings for an Active Directory domain controller

Activity 1-3: Configuring TCP/IP on a Windows Server 2003 Computer
Objective: Configure the IP address of DNS on a Windows Server 2003 computer
–Via network connections properties

Installing Active Directory
Installation of Active Directory performed by promoting one or more servers to domain controllers
–Should select most capable server as first domain controller
–Servers to be promoted should be assigned fixed IP addresses and appropriate names
Promotion involves using Dcpromo to install Active Directory service on computer

Activity 1-4: Installing Active Directory
Objective: Use Dcpromo to install Active Directory and DNS on your Windows Server 2003 computer
–Promoting first server on network to a domain controller installs Active Directory service on the selected server and creates the Active Directory forest root for the network

Summary
Windows Server 2003 and Windows XP Professional offer a distinct operating environment
The Windows XP family of operating systems is available in several editions
Windows Server 2003 is available in four editions
A workgroup model is characterized by decentralized authentication and administration
A domain model provides centralized authentication and administration

Summary (continued)
Active Directory is the native directory service for Windows Server 2003 operating systems
The logical components of Active Directory include domains, organizational units, trees, forests, and the global catalog
The physical components of Active Directory include domain controllers and sites
The process of promoting a Windows Server 2003 system to a domain controller involves using Dcpromo to install Active Directory services on the server

Summary (continued)
Although Active Directory uses both DNS and NetBIOS to name domains, DNS is the primary naming system
Before promoting a server to an Active Directory domain controller, you should plan the domain and namespace structure and identify the DNS server to be used