Chapter 6: Windows Servers


Chapter 6: Windows Servers on the LAN

History of Windows Networks
- Over 90% of the world's computers run a Microsoft operating system.
- The first Windows network operating system was NT 3.1. It had an interface similar to Windows 3.1 and integrated well with other popular network operating systems.
- Windows NT4 (1995) was the network operating system that led to Microsoft's current dominance.
- Windows 2000 included Active Directory as well as many improvements over Windows NT 4.
- Windows Server 2003 was not as revolutionary as Windows 2000, but included many security improvements. It is expected to be Microsoft's flagship server product until 2007.

Introduction to Windows Server 2003
- Graphical user interface (GUI): pictorial representation of computer functions
- Enables administrators to manage files, users, groups, security, printers, etc.
- Four Windows Server 2003 editions:
  - Standard Edition
  - Web Edition
  - Enterprise Edition
  - Datacenter Edition

Windows Server 2003 Hardware Requirements
Minimum hardware requirements for Server 2003, Standard Edition

Windows Server 2003 Memory Model
- 32-bit and 64-bit addressing schemes supported
  - Require different versions of Windows Server 2003
  - Require different types of processors
- The larger the addressing size, the more efficiently instructions can be processed
- Each application (or process) is assigned its own 32-bit memory area
  - Helps prevent processes from interfering with each other
- Virtual Memory dialog box allows increase or decrease of paging file size

Domain
- Windows Server 2003 networks are organized into domains.
- A domain is a centralized collection (database) of common account security policies, users, servers, and other resources.
- This collection of security policies, user accounts and computer accounts is stored within Active Directory.
- Users must log in and be authenticated by a domain controller before they can access resources in a domain.
- Members of a domain share a common DNS suffix (such as companyname.internal or companyname.local).

Domains (continued)
- Computers called domain controllers host the Active Directory database.
  - A network should use at least two.
- Member servers: Windows Server 2003 computers that do not store Active Directory information and cannot authenticate users
- Replication: identical copy of directory data on multiple domain controllers

Trees and Forests
- Active Directory organizes multiple domains hierarchically in a domain tree
- Root domain: base of the Active Directory tree
- Child domains: branch out to separate groups of objects with the same policies
- Underneath child domains, multiple organizational units branch out to further subdivide the network's systems and objects

OUs (Organizational Units)
Figure: Multiple domains in one organization

OUs (Organizational Units)
Figure: A tree with multiple domains and OUs

Trees and Forests
- A forest is a collection of one or more domain trees that share the same Active Directory schema.
- A tree is a collection of domains within a forest that share a common DNS namespace (.com).
- [Diagram: Domains can communicate. Domains shown: subsidiary.com, child.subsidiary.com, company.com, kid.company.com, child.company.com, west.kid.company.com, east.kid.company.com]
- A trust relationship means that users in one domain can access resources in a different domain.
- Trust relationships exist between all domains in a forest.
- Forest trusts allow all domains in one forest to automatically trust all domains in a second forest.
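The tree and forest definitions above can be checked mechanically. The following added example (not part of the original slides) groups the domain names from the slide's diagram into trees by DNS namespace and lists the domains crossed between two of them; the function names are hypothetical, and the trust path assumes trusts follow parent-child links inside a tree with tree roots trusting each other directly.

```python
# Added example: domain names are the ones on the slide; function names are hypothetical.
FOREST = [
    "company.com", "kid.company.com", "child.company.com",
    "west.kid.company.com", "east.kid.company.com",
    "subsidiary.com", "child.subsidiary.com",
]

def parent_of(domain, domains):
    """Closest ancestor of `domain` that is itself a domain in the forest, else None."""
    labels = domain.split(".")
    for i in range(1, len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in domains:
            return candidate
    return None

def chain_to_root(domain, domains):
    """The domain followed by each of its ancestors, ending at its tree root."""
    chain = [domain]
    while (parent := parent_of(chain[-1], domains)) is not None:
        chain.append(parent)
    return chain

def build_trees(domain_list):
    """Map each tree root to the sorted list of domains in its DNS namespace."""
    domains = {d.lower() for d in domain_list}
    trees = {}
    for d in sorted(domains):
        trees.setdefault(chain_to_root(d, domains)[-1], []).append(d)
    return trees

def trust_path(src, dst, domain_list):
    """Domains crossed going from src to dst.

    Assumption (not stated on the slide): trusts follow parent-child links
    inside a tree, and tree roots trust each other directly.
    """
    domains = {d.lower() for d in domain_list}
    up = chain_to_root(src.lower(), domains)
    down = chain_to_root(dst.lower(), domains)
    common = [d for d in up if d in down]
    if common:
        # Same tree: turn around at the lowest shared ancestor.
        meet = common[0]
        return up[:up.index(meet) + 1] + down[:down.index(meet)][::-1]
    # Different trees: climb to one root, cross to the other, descend.
    return up + down[::-1]

if __name__ == "__main__":
    for root, members in build_trees(FOREST).items():
        print(root, "->", members)
    print(trust_path("west.kid.company.com", "child.subsidiary.com", FOREST))
```

Every domain on the returned path takes part in resolving the access request, which makes the path a useful list of what to review when auditing cross-domain access.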

Trust Relationships
Figure: Two-way trusts between domains in a tree

Trust Relationships (continued)
Figure: Explicit one-way trust between domains in different trees

Naming Conventions
- Naming (addressing) conventions are based on LDAP naming conventions
- Namespace refers to the collection of object names and associated places in a Win 2000 Server or Win Server 2003 network
- Internet and Active Directory namespaces are compatible
- Each Win Server 2003 network object can have three names:
  - Distinguished name (DN)
    - Domain component (DC) name
    - Organizational unit (OU) name
    - Common name (CN): unique within a container
  - Relative distinguished name (RDN): uniquely identifies an object within a container
  - User principal name (UPN): preferred naming convention for users in e-mail, Internet services
- Globally unique identifier (GUID): 128-bit number ensuring that no two objects have duplicate names

Naming Conventions (continued)
Figure: Distinguished name and relative distinguished name
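To make the relationship between DN, RDN, OU and DC names concrete, here is an added example (not from the original slides) that splits a distinguished name into its parts and derives the DNS domain from the DC components. The sample DN is constructed, the function names are hypothetical, and the UPN helper assumes the UPN suffix is the domain's DNS name.

```python
# Added example; the DN is constructed and the function names are hypothetical.
SAMPLE_DN = r"CN=Smith\, Jane,OU=Sales,OU=Staff,DC=kid,DC=company,DC=com"

def split_dn(dn):
    """Split a DN into its RDNs, keeping backslash-escaped commas inside a value."""
    parts, current, escaped = [], [], False
    for ch in dn:
        if escaped:                 # the character after a backslash is literal
            current.append(ch)
            escaped = False
        elif ch == "\\":
            current.append(ch)
            escaped = True
        elif ch == ",":             # an unescaped comma ends the current RDN
            parts.append("".join(current).strip())
            current = []
        else:
            current.append(ch)
    parts.append("".join(current).strip())
    return [p for p in parts if p]

def describe(dn):
    """Return the RDN, the parent container, the OUs and the DNS domain of a DN."""
    rdns = split_dn(dn)
    if not rdns:
        raise ValueError("empty DN")
    pairs = []
    for rdn in rdns:
        key, sep, value = rdn.partition("=")
        if not sep:
            raise ValueError(f"not an attribute=value pair: {rdn!r}")
        pairs.append((key.strip().upper(), value.strip()))
    return {
        "rdn": rdns[0],                       # unique within its container
        "container": ",".join(rdns[1:]),      # DN of the parent container
        "ous": [v for k, v in pairs if k == "OU"],
        "dns_domain": ".".join(v for k, v in pairs if k == "DC"),
    }

def default_upn(logon_name, dn):
    """Assumption: the UPN suffix is the DNS name built from the DC components."""
    return f"{logon_name}@{describe(dn)['dns_domain']}"

if __name__ == "__main__":
    print(describe(SAMPLE_DN))
    print(default_upn("jsmith", SAMPLE_DN))
```

A plain `dn.split(",")` would cut the escaped comma in the CN and misreport the RDN, which matters for any script that filters or audits accounts by container.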

Planning For Installation
Critical preinstallation decisions:
- How many, how large, and what kind of partitions will the server require?
- What type of file system will the server use?
- What will you name the server?
- Which protocols and network services should the server use?
- What will the Administrator password be?
- Should the network use domains or workgroups and, if so, what will they be called?
- Will the server support additional services?
- Which licensing mode will you use?
- How can I remember all of this information?

Microsoft Management Console
- MMC is the primary tool used to administer Windows Server 2003.
- A large number of preconfigured MMCs are available in the Administrative Tools menu.
- Third-party software often ships with custom MMC add-ons.
- You can build an MMC for a particular task by creating a custom MMC.
  - You add snap-ins to the console that are relevant to the task.
  - You can then save or discard the console once you are finished with it.
- You can use the MMC to administer remote computers within a domain.
  - You add a snap-in with the focus set to the target remote computer.

Computer Management Console
- Built-in console that allows an administrator to perform most day-to-day system administration tasks as well as remotely administer other Windows computers.
- Access the Computer Management Console by right-clicking the My Computer icon and then selecting Manage.
- You can manage other servers using this console by right-clicking Computer Management and then selecting Connect to another computer.
- The target computer must be a member of the same domain.

Web-Based Administration
- Windows Server 2003 has a Web-based administrative interface.
- This allows you to perform administrative duties via a Web browser, including checking logs, managing users and groups, and starting and shutting down services.
- This administration method can tolerate connection interruptions and delays that other administration methods cannot.
- Only basic administrative functions can be performed via the Web interface.

Remote Desktop for Administration
- Allows you to connect to a server and view its screen the same as though you were sitting in front of the computer.
- Up to two administrators can be connected at once, each viewing a different screen.
- Requires more bandwidth than other administration methods.
- Remote Desktop clients exist for Mac OS X, Linux, Solaris, and Windows.

LAN Infrastructure
- Windows Server 2003 can host a variety of LAN infrastructure services such as DNS, DHCP, and WINS servers.
- Use the Add/Remove Windows Components section of Add/Remove Programs in the Control Panel to add services.
- When Windows Server 2003 provides these infrastructure services, it must use a static IP address.

Configure a Static IP
1. Open Network Connections from the Control Panel.
2. Right-click Local Area Connection and select Properties.
3. Select Internet Protocol and then click Properties.
4. Select Use the following IP address and enter IP address information.

Windows Server 2003 DHCP
- Once you have added the DHCP service to Windows Server 2003, you will need to create a new scope.
- A DHCP scope is a pool of IP addresses that a DHCP server allocates to DHCP clients on the network.
- You can set other information, such as DNS server address, subnet mask, mail server address, proxy server address, and default gateway, as scope options.

Windows Server 2003 DHCP (continued)
- You should set a DHCP lease time that is appropriate to your network.
  - Use long lease times if hosts are added and removed from your network occasionally.
  - Use short lease times if hosts are regularly added and removed from the network.
- Use reservations to ensure that certain hosts (such as servers) always have the same IP address.
- Use exclusions for those hosts that have statically configured IP addresses.

Windows Server 2003 DNS
- Active Directory Integrated Zones (ADI Zones): used by Windows Server 2003 by default and stored within Active Directory.
  - ADI Zones can only be hosted on domain controllers.
  - ADI Zones can be replicated to all domain controllers in the domain or forest.
  - Any DNS server hosting an ADI Zone can process updates to that zone.
- Primary zone: only one DNS server can host a primary zone.
  - This server does not need to be a domain controller.
  - Only the server hosting the primary zone can process updates to that zone.
  - The zone data is stored in a zone file.
- Secondary zone: any DNS server can host a secondary zone.
  - A secondary zone is a read-only copy of an ADI or primary zone.
- Stub zone: an abbreviated zone that contains only a list of name servers for the target zone.
  - Stub zones are read-only and are updated by contacting a DNS server hosting the primary zone.
  - Any Windows Server 2003 DNS server can host a stub zone.

WINS Server
- Windows Internet Naming System is a legacy name resolution protocol.
- WINS translates NetBIOS names into IP addresses.
- WINS is required for LANs that must support Windows NT4 and Windows 9x clients.
- WINS is not required if all computers on the LAN are Windows 2000, Windows XP or Windows Server 2003. DNS is used for these computers.
- WINS uses Push/Pull replication.
  - When a pull occurs, all information is transferred to the server performing the pull.
  - When a push occurs, only updates are transferred to the target server.
- [Diagram: Server A pulls all information from Server B. Server A pushes updates to Server B.]

Summary
- A domain is a centralized collection of common security policies, user accounts and computer accounts.
- Domain controllers are special computers that host Active Directory. Domain controllers authenticate logons and host common security policy, user and computer accounts.
- A forest is a collection of domains that share the same Active Directory schema. All domains in a forest automatically trust each other.
- A tree is a collection of domains within a forest that share a common DNS namespace.
- Windows Server 2003 can be managed via MMC, Web Interface, or Remote Desktop.
- Infrastructure servers should use static IP addresses.
- ADI Zones are hosted on domain controllers. Any DNS server hosting an ADI Zone can process updates to that zone.
- WINS servers are used to support older clients such as WinNT4 and Win9x.

Discussion Questions
- In what types of situations would you configure a short DHCP lease?
- What are the benefits of an ADI zone over a primary zone?
- Why should an infrastructure server (DNS, DHCP) be configured with a static, rather than dynamic, IP address?
- What is the difference between a domain, a tree, and a forest?
- What are the limitations of remotely administering via MMC as opposed to Remote Desktop?