Hands-On Microsoft Windows Server 2003 Administration Chapter 1 Windows Server 2003 Network Administration

2 Objectives List the various tasks of a Windows Server 2003 Network administrator Understand general troubleshooting techniques Ease network management with the help of various Windows Server 2003 Administration Tools Explain Windows Server 2003 Active Directory concepts

3 Network Administration Overview Some of the tasks of a Windows Server 2003 Network administrator –Installing and maintaining the operating system –Administering Active Directory –Administering file and print resources –Administering Internet resources –Administering the network infrastructure –Monitoring and troubleshooting Windows Server 2003 –Administering Routing and Remote Access Services (RRAS)

4 Installing and Maintaining the Operating System Tasks related to the operating system –Install the client workstation operating systems –Install and configure the server environment –Troubleshoot and resolve installation problems –Install and manage the required service packs and hot fixes

5 Administering Active Directory Involves –Creating and modifying user objects –Creating and modifying computer objects –Creating and modifying group objects –Managing Active Directory container and object permissions –Creating and troubleshooting Group Policy objects Group Policy: a Windows Server 2003 feature that enables you to create policies that affect domain users and computers

6 Administering File and Print Resources Tasks included in administering file and print resources –Troubleshooting user access to files and printers –Planning and maintaining the most efficient and secure way for users to work with file and print resources

7 Administering Internet Resources Internet administration –Needed because of B2B and B2C online commerce opportunities –Requires mastery of the configuration options within the Windows Server 2003 IIS, including Providing secure access to Internet-accessible resources Troubleshooting client connectivity problems

8 Administering the Network Infrastructure Administering the network infrastructure requires maintaining and troubleshooting network services, protocols, and hardware –TCP/IP protocol Used by Windows Server 2003 for network communications throughout the infrastructure and the Internet –Domain Name System (DNS) service Provides name resolution and network service location capabilities

9 Administering the Network Infrastructure (Continued) –Routers –Dynamic Host Configuration Protocol (DHCP) servers –WINS servers

10 Monitoring and Troubleshooting Windows Server 2003 Maintenance –Monitoring server health –Monitoring system performance Maintenance tools –System Monitor –Event Viewer Troubleshooting tools –Recovery Console –Safe Mode

11 Administering Routing and Remote Access Services Windows Server 2003 Routing and Remote Access Services (RRAS) –Access to the company network using dial-up modems –Virtual private networking (VPN) –Internet connection sharing (ICS) –Network address translation (NAT) –A basic firewall –Remote Desktop for Administration Enables administrators to network servers remotely

12 Network Administration Procedures Possible reasons for network problems –Hardware failures –Security or virus attacks –File corruption

13 Network Troubleshooting Process A systematic approach to troubleshooting helps –Define the exact problem –Quickly solve the problem Steps of a successful troubleshooting process –Define the problem –Gather detailed information about what has changed –Devise a plan to solve the problem –Implement the plan and observe the results –Document all changes and results

14 Windows Server 2003 Management Tools Features and utilities that assist in daily management tasks –The Microsoft Management Console (MMC) –The secondary logon feature –The Task Scheduler –The netdiag command –The Shutdown Event Tracker Logs each time a server is shut down or restarted

15 Windows Server 2003 Management Tools (Continued) The Microsoft Management Console –A customizable management framework that can host a number of management tools –Saved as a Management Saved Console (MSC) file with the.msc extension Snap-ins –Management tools that are added to the MMC –Can be obtained from Microsoft or third-party companies

16 An Empty MMC

17 Add/Remove Snap-in dialog box

18 Customized MMC

19 Windows Server 2003 Management Tools (Continued) Taskpad view –Simplifies administrative procedures –Provides a graphical representation of the tasks that can be performed in an MMC

20 Taskpad view of the Services snap- in

21 The Secondary Logon Feature Network administrators should keep two accounts –One for network management –One for nonadministrative tasks The secondary logon feature allows the administrator to –Log on with the regular user account, then –Open administrative tools as an administrator Administrator account –A command prompt can be used to start applications

22 Run As dialog box

23 Additional Administrator Utilities Several additional utilities are available with Windows Server 2003 or the Windows Server 2003 Resource Kit –Examples Windows Server 2003 Task Scheduler netdiag net command

24 Introduction to Windows Server 2003 Active Directory Active Directory –A directory service database –Services and features: Central point for storing, organizing, managing, and controlling network objects Single point of administration of objects and Active Directory-published resources Logon and authentication services for users Delegation of administration

25 Introduction to Windows Server 2003 Active Directory The Active Directory database –Can be stored on any Windows Server 2003 server promoted to domain controller Multi-master replication –Each domain controller throughout the network has a writeable copy of directory database –Provides a form of fault-tolerance Active Directory –Uses DNS to Maintain domain-naming structures Locate network resources

Active Directory Objects Objects Represent Network Resources (Users,Groups,Computers,Printers) Attributes Store Information About an Object 26 Attributes First Name Last Name Logon Name First Name Last Name Logon Name Attributes Printer Name Printer Location Printer Name Printer Location Active Directory Printers Printer1 Printer2 Suzan Fine Users Don Hall Attribute Value Attribute Value Objects Printers Users Printer3

27 The Active Directory Schema Active Directory schema –Defines objects and attributes for entire Active Directory structure –Consists of two main definitions Object classes Attributes –Stored in the Active Directory database –Replicated among all domain controllers within the network

28 Active Directory Schema Objects Class Examples Objects Class Examples Printers Computers Users Attributes of Users Might Contain: accountExpires department distinguishedName middleName accountExpires department distinguishedName middleName List of Attributes accountExpires department distinguishedName directReports dNSHostName operatingSystem repsFrom repsTo middleName … accountExpires department distinguishedName directReports dNSHostName operatingSystem repsFrom repsTo middleName … Attribute Examples Attribute Examples Active Directory Schema Is: Dynamically Available Dynamically Updateable Protected by DACLs

29 Active Directory Components Logical components of the Active Directory –Provide a way to design and administer the hierarchical, logical structure of the network –Include Domains and organizational units Trees and forests A global catalog

30 Active Directory Components (Continued) Windows Server 2003 domain –Logically structured organization of objects that Are part of a network, and Share a common directory database Each domain –Has a unique name –Is organized in levels –Is administered as a unit with common rules and procedures –Is defined by an IP address on the Internet

31 Active Directory Domains Boundary of Authentication Boundary of Policies Boundary of Replication CONTOSO.COM

32 Active Directory Components (Continued) An organizational unit (OU) –A logical container used to organize objects within a single domain Benefits of using OUs –Easier to locate and manage the Active Directory objects –Define more advanced features by applying Group Policy to an OU –Delegate administrative control over OUs

33 An Active Directory Domain and OU structure

Characteristics of Multiple Domains Reduce Replication Traffic Maintain Separate and Distinct Security Policies Between Domains Preserve the Domain Structure of Earlier Versions of Windows NT Separate Administrative Control Geographic basis Large number of objects Los Angeles Seattle Chicago New York

35 Active Directory Components (Continued) Trees and forests –Forest root domain First Active Directory domain created in an organization –Tree Hierarchical collection of domains that share a contiguous DNS namespace

What Is a Tree? Parent Domain Child Domain Contiguous Namespace sales.contoso.msft Parent Child New Domain Tree Root Domain & Forest Root Domain contoso.msft sales.contoso.msft a two-way, transitive trust relationship

37 Active Directory Components (Continued) –Whenever a child domain is created, a two-way, transitive trust relationship is automatically created between the child and parent domains Transitive trust –All other trusted domains implicitly trust one another

38 The Dovercorp.net domain tree

39 Active Directory Components (Continued) Forest –Collection of trees that do not share a contiguous DNS naming structure –The trees in a forest share a single Active Directory schema Enterprise Admins –Special user group –Allows members to manage objects throughout the entire forest

40 Example of an Active Directory forest

What Is the Forest Root Domain? The Forest Root Domain Is the First Domain Created in a Forest contoso.msft Forest Forest Root Domain nwtraders.msft Tree Tree Root Domain Global Catalog Configuration and Schema Enterprise Admins Schema Admins marketing.nwtraders.msftsales.contoso.msft Tree

42 Active Directory Components (Continued) Global catalog –Index and partial replica of the objects and attributes most frequently used throughout the entire Active Directory structure –Replicated to any server within the forest that is configured to be a global catalog server –The first domain controller in Active Directory automatically becomes a global catalog server –Additional domain controllers can also be configured to be global catalog servers

Global Catalog Global Catalog Server Global Catalog Subset of the Attributes of All Objects Domain QueriesQueries Group membership when user logs on Group membership when user logs on

44 Active Directory Communication Standards DNS naming standard –Used by Active Directory for IP name resolution Providing information on the location of network services and resources Lightweight Directory Access Protocol (LDAP) –Used to query or update the Active Directory database directly

45 Active Directory Communication Standards (Continued) LDAP naming paths –Used when referring to objects stored within the Active Directory –Main components Distinguished name Relative distinguished name

46 Active Directory Physical Structure Relates to the actual connectivity of the physical network –Domain Controllers –Sites

Domain Controller 47 A domain controller is a server containing a copy of the Active Directory. All domain controllers are peers, and maintain replicated versions of the Active Directory for their domains. The domain controller plays an important role in both the logical and physical structure of the Active Directory. It organizes all the domain's object data in a logical and hierarchical data store. It also authenticates users, provides responses to queries about network objects, and replicates directory services. (The physical structure provides the means to transmit this data through well-connected sites.)

Domain Controllers roles 48

Domain Controllers Domain Controller Domain ReplicationReplication User1 User2 User1 User2 = A Writeable Copy of the Active Directory Database Reasons for Creating Multiple Domain Controllers: it is recommended that each domain and each site have more than one domain controller to provide logical and physical structure redundancy and fault tolerance.

Sites Sites: Optimize replication traffic Enable users to log on to a domain controller by using a reliable, high-speed connection Site IP subnet Los Angeles Seattle Chicago New York Combination of one or more Internet Protocol (IP) subnets connected by a high-speed connection WAN Link

Active Directory Physical Structure (Continued) Aims regarding replication –Make sure that any modification to the Active Directory database is replicated as quickly as possible between domain controllers –Make sure that replication does not saturate the available network bandwidth 51

52 Active Directory Physical Structure (Continued) A site link –A configurable object that represents a low- bandwidth or unreliable/occasional connection between sites –Can be adjusted for Replication availability »Using the Schedule onSite Links Bandwidth costs »Higher Cost Numbers Represent Lower Priority Replication Paths Replication frequency »by Setting the Number of Minutes Between

53 The site structure of Dovercorp.net

Domains & sites 54 No formal relationship exists between the boundaries of a site or domain. sites and domains do not have to maintain the same namespace. Sites Can Contain –All domain controllers in a single domain –Some of the domain controllers in a single domain –Domain controllers from different domains

Sites and Domains CONTOSO.COM Site A Site B US.CONTOSO.COM

56 Summary Tasks of a network administrator include: –Software installation –Active Directory (AD) administration –File and print administration –Internet and remote access administration –Network performance monitoring –Troubleshooting Network administrator needs to follow a systematic approach to troubleshooting network problems

57 Summary (Continued) Some tools that a network administrator can use to help with routine network management include: –The Microsoft Management Console (MMC) –The secondary logon service –Command-line utilities, such as netdiag.exe and the net command Active Directory is a directory service database provided with Windows Server 2003 Operating Systems

58 Summary (Continued) Logical components of an Active Directory structure –Domains and organizational units –Trees and forests –Global catalog Active Directory uses the DNS naming standard for –IP name resolution –Providing information on the location of network services Active Directory replication traffic and network logon traffic can be controlled by configuring sites and site links

References Text Book InformIT: Understand Active Directory partIII, Microsoft TechNote, Active Directory Structure and Storage Technologies, us/library/cc759186(WS.10).aspx Microsoft TechNote,Introduction to Active Directory, ea e/Introduzione_a_Active_Directory.PPT Active Directory Fundumentals, damentals/ITPROADD-01%2075%20minute%20version.ppt. And much more.. 59