Managing Windows Server 2003 and Active Directory Best Practices ธนินทร์ น้อยรังษี Tanin Noirungsee Technology Specialist Microsoft (Thailand)

What we will cover: Active Directory operations and tasks Active Directory operations and tasks DHCP operations and tasks DHCP operations and tasks DNS operations and tasks DNS operations and tasks WINS operations and tasks WINS operations and tasks Best Practices: Best Practices:  Guide for Securing Windows Server Active Directory Installations  Windows Server 2003 Active Directory Branch Office

Agenda Active Directory Operations Active Directory Operations DHCP Operations DHCP Operations DNS Operations DNS Operations WINS Operations WINS Operations Best Practices: Best Practices:  Guide for Securing Windows Server Active Directory Installations  Windows Server 2003 Active Directory Branch Office

Active Directory Operations Microsoft Operations Framework - MOF Service Level Management Financial Management Service Continuity Mgmt Availability Management Capacity Management Workforce Management Change Management Configuration Mgmt Release Management System Administration Security Administration Service Monitoring and Control Job Scheduling Network Administration Directory Services Administration Print Output Mgmt Storage Management Service Desk Incident Management Problem Management

Active Directory Operations MOF Team Model and Functional Roles I n f r a s t r u c t u r e P a r t n e r S e c u r i t y R e l e a s e S u p p o r t O p e r a t I o n s Change management Release/systems engineering Configuration control/asset management Software distribution/licensing Quality assurance Messaging operations Database operations Network administration Monitoring metrics Availability management Enterprise architecture Infrastructure engineering Capacity management Cost/IT budget mgmt Resource and long range planning Service desk/help desk Production/production support Problem management Service level management Maintenance vendors Environment support Managed services outsourcers Managed services trading partners Software/hardware suppliers Intellectual property protection Network and system security Virus and intrusion detection Audit and compliance admin Contingency planning

Active Directory Operations Operating Quadrant Processes Daily Daily  Back up Active Directory As needed As needed  Restore Active Directory  Manage a SYSVOL  Manage Sites  Recover a domain controller through reinstallation Security Security  As needed

Active Directory Operations Optimizing Quadrant Processes Availability management Availability management  As needed  Managing the Active Directory database  Adding a Global Catalog  Managing the Windows Time Service  Managing trusts Capacity management Capacity management  As needed  Removing Global Catalog  Reducing workload on PDC emulator

Active Directory Operations Changing Quadrant Release Management Release Management  As needed  Installing a domain controller for an existing domain Change Management Change Management  As needed  Removing Active Directory

Active Directory Operations Active Directory Operations Managing Windows Time Service Managing the SYSVOL Reducing Workload on the PDC Emulator Choosing Standby Operations Master Transferring to the Standby Operations Master Role demonstration demonstration

Agenda Active Directory Operations Active Directory Operations DHCP Operations DHCP Operations DNS Operations DNS Operations WINS Operations WINS Operations Best Practices: Best Practices:  Guide for Securing Windows Server Active Directory Installations  Windows Server 2003 Active Directory Branch Office

DHCP Operations Operating Quadrant Processes Daily Daily  Data backup  Service monitoring and control Weekly Weekly  Storage resource management As needed As needed  Data backup, restore and recovery

DHCP Operations Support Quadrant Processes Daily Daily  Classification and initial support  Investigation and diagnosis Weekly Weekly  Investigation and diagnosis As needed As needed  Problem management

DHCP Operations Support Quadrant Processes Daily Daily  Classification and initial support  Investigation and diagnosis Weekly Weekly  Investigation and diagnosis Problem management Problem management  Daily

DHCP Operations Optimizing Quadrant Processes Monthly Monthly  Managing resource and service performance  Capacity management  Monitoring  Analyzing  Performance tuning  Reporting

DHCP Operations Changing Quadrant Processes Daily Daily  Change classification Monthly Monthly  Configuration management  Address pool exclusions  Lease durations  Reservations

DHCP Operations DHCP Operations Data Backup, Restore and Recovery Monitoring Proactive Analysis and Review demonstration demonstration

Agenda Active Directory Operations Active Directory Operations DHCP Operations DHCP Operations DNS Operations DNS Operations WINS Operations WINS Operations Best Practices: Best Practices:  Guide for Securing Windows Server Active Directory Installations  Windows Server 2003 Active Directory Branch Office

DNS Operations Operating Quadrant Processes Daily Daily  Perform monitoring  Data backup Weekly Weekly  Storage resource management As needed As needed  Data backup, restore and recovery

DNS Operations Support Quadrant Processes Daily Daily  Proactive analysis and review Weekly Weekly  Proactive analysis and review Monthly Monthly  Incident closure As needed As needed  Problem recording and classification

DNS Operations Optimizing Quadrant Processes Daily Daily  Managing resource and service performance Monthly Monthly  Managing resource and service performance As needed As needed  Design for recovery

DNS Operations Changing Quadrant Processes Daily Daily  Change classification and authorization Weekly and Monthly Weekly and Monthly  Review configuration items

DNS Operations DNS Operations Reviewing Configuration Items Data Backup, Restore and Recovery Managing Resources and Service Performance Proactive Analysis and Review demonstration demonstration

Agenda Active Directory Operations Active Directory Operations DHCP Operations DHCP Operations DNS Operations DNS Operations WINS Operations WINS Operations Best Practices: Best Practices:  Guide for Securing Windows Server Active Directory Installations  Windows Server 2003 Active Directory Branch Office

WINS Operations Operating Quadrant Processes Daily Daily  Data backup  Proactive analysis and review Weekly Weekly  Storage resource management As needed As needed  Data backup, restore and recovery

WINS Operations Support Quadrant Processes Daily Daily  Investigation and diagnosis  Proactive analysis and review Weekly Weekly  Investigation and diagnosis

WINS Operations Optimizing Quadrant Processes Monthly Monthly  Managing resources and server performance  Capacity management  Monitoring  Analyzing  Performance tuning  Reporting

WINS Operations Changing Quadrant Processes Daily Daily  Change classification and authorization Monthly Monthly  Reviewing configuration items

WINS Operations WINS Operations Reviewing Configuration Items Data Backup, Restore and Recovery Proactive Analysis and Review demonstration demonstration

Agenda Active Directory Operations Active Directory Operations DHCP Operations DHCP Operations DNS Operations DNS Operations WINS Operations WINS Operations Best Practices: Best Practices:  Guide for Securing Windows Server Active Directory Installations  Windows Server 2003 Active Directory Branch Office

For More Information… Microsoft Solutions for Management Microsoft Solutions for Management  ncy/manageability/default.mspx Microsoft Service Product Operations Guides Microsoft Service Product Operations Guides  /msm/winsrvmg/default.mspx

Best Practices: Guide for Securing Active Directory Installations Planning In-Depth Active Directory Security Planning In-Depth Active Directory Security Establishing Secure Active Directory Boundaries Establishing Secure Active Directory Boundaries Deploying Secure Domain Controllers Deploying Secure Domain Controllers Strengthening Domain and Domain Controller Policy Settings Strengthening Domain and Domain Controller Policy Settings Establishing Secure Administrative Practices Establishing Secure Administrative Practices Securing DNS Securing DNS

ADSecurity2003.doc ADSecurity2003.doc Link: erver2003/techinfo/overview/adsecuri ty.mspx Link: erver2003/techinfo/overview/adsecuri ty.mspx erver2003/techinfo/overview/adsecuri ty.mspx erver2003/techinfo/overview/adsecuri ty.mspx Best Practices: Guide for Securing Active Directory Installations

Best Practices: Windows Server 2003 Active Directory Branch Office Planning for Active Directory Deployment in a Branch Office Environment – Part I. 6 chapters Planning for Active Directory Deployment in a Branch Office Environment – Part I. 6 chapters  Active Directory branch office planning process and provide recommendations on how to go about it.  Technical background information to help you understand the rationale for implementing your branch office design. Deploying Active Directory in a Branch Office Environment – Part II. 8 Chapters Deploying Active Directory in a Branch Office Environment – Part II. 8 Chapters  Procedures necessary to deploy Active Directory in your branch office environment. Scripts and Utilities Scripts and Utilities  Scripts and updated utilities that you can use during the deployment process.  Significantly simplify some of the operations used in the deployment process outlined in this guide.

Best Practices: Windows Server 2003 Active Directory Branch Office adbodg03.exe (self-extract zip file) adbodg03.exe (self-extract zip file) Link: Link: /details.aspx?FamilyId=9353A4F6- A8A8-40BB-9FA7- 3A95C &displaylang=en /details.aspx?FamilyId=9353A4F6- A8A8-40BB-9FA7- 3A95C &displaylang=en

Session Summary MSM is a combination of best practices to help customers achieve operational excellence MSM is a combination of best practices to help customers achieve operational excellence MOF includes how to plan and deploy and maintain IT operational processes MOF includes how to plan and deploy and maintain IT operational processes Each Team role has specific functions and goals in the MOF Each Team role has specific functions and goals in the MOF Each function and goal plays a key role to success Each function and goal plays a key role to success

Additional Materials Web Sites dfe61e-fb7b b8-55bcc801b431&displaylang=en 4dfe61e-fb7b b8-55bcc801b431&displaylang=en de6ee7-5df ed-2147c3a9ebbe&displaylang=en. de6ee7-5df ed-2147c3a9ebbe&displaylang=en. d563e1-af1e-49b2-a ab153d&displaylang=en d563e1-af1e-49b2-a ab153d&displaylang=en ed7b8c2-4d8c-49b0-936d-f74775e69c52&displaylang=en ed7b8c2-4d8c-49b0-936d-f74775e69c52&displaylang=en e d8e1-4eca-9c3f-e3f6a61f69e1&displaylang=en e d8e1-4eca-9c3f-e3f6a61f69e1&displaylang=en

What is TechNet? Put the right answers at your fingertips Put the right answers at your fingertips  The comprehensive collection of resources to help IT pros plan, deploy and manage Microsoft products successfully  Monthly updates delivered on DVD or CD  The definitive resource to help you evaluate, deploy and maintain Microsoft products TechNet Subscription  Accessible at  Online resources and community  Subscriber-only Online Services TechNet Web Site  Biweekly e-newsletter  Security updates, new resources, and special offers TechNet Flash  Briefings on the latest Microsoft products and technologies  Hands-on, “how to” information TechNet Events and Webcasts  User Groups  Managed Newsgroups TechNet Communities

Where Can I Get TechNet? Visit TechNet online at Visit TechNet online at Register for the TechNet Flash /technet/abouttn/subscriptions/flash_register.mspx Register for the TechNet Flash /technet/abouttn/subscriptions/flash_register.mspx Join the TechNet online forum at Join the TechNet online forum at Become a TechNet subscriber at Become a TechNet subscriber at Attend more TechNet events or view online Attend more TechNet events or view online

For More Information… Main TechNet Web site at Main TechNet Web site at Additional resources to support this Session page can be found at Additional resources to support this Session page can be found at

Microsoft Learning Training Resources for IT Professionals Managing and Maintaining a Microsoft Windows Server 2003 Environment Managing and Maintaining a Microsoft Windows Server 2003 Environment  Course Number: 2273  Availability: Now  Detailed Syllabus: To locate a training provider, please access

Assess your Readiness Microsoft Skills Assessment What is Microsoft Skills Assessment? Self-study learning tool to evaluate readiness for product and technology solutions, instead of job-roles (certification) Self-study learning tool to evaluate readiness for product and technology solutions, instead of job-roles (certification) Windows Server 2003, Exchange Server 2003, Windows Storage Server 2003, Visual Studio.NET, Office 2003 Windows Server 2003, Exchange Server 2003, Windows Storage Server 2003, Visual Studio.NET, Office 2003 Free, online, unproctored, and available to anyone Free, online, unproctored, and available to anyone Answers the question: “Am I ready?” Answers the question: “Am I ready?” Determines skills gaps and provides learning plans with Microsoft Official Curriculum courses Determines skills gaps and provides learning plans with Microsoft Official Curriculum courses Post your High Score to see how you stack up Post your High Score to see how you stack up visit visit

Become a Microsoft Certified Systems Administrator (MCSA) What is the MCSA certification? What is the MCSA certification?  For IT professionals who manage and maintain networks and systems based on Microsoft Windows Server How do I become an MCSA on Microsoft Windows Server 2003? How do I become an MCSA on Microsoft Windows Server 2003?  Pass 3 core exams  Pass 1 elective exam or 2 CompTIA certifications Where do I get more information? Where do I get more information?

Become A Microsoft Certified Systems Engineer (MCSE) What is the MCSE certification? What is the MCSE certification?  Premier certification for IT pros who analyze the requirements, design, plan, and implement the infrastructure for business solutions based on the Microsoft Windows Server System How do I become an MCSE on Microsoft Windows 2003? How do I become an MCSE on Microsoft Windows 2003?  Pass 6 core exams  Pass 1 elective exams from a comprehensive list Where do I get more information? Where do I get more information?

Demonstrate Your Security or Messaging Specialization What are MCSA/MCSE specializations? What are MCSA/MCSE specializations?  Allows IT professionals to highlight specific expertise within their job role Which specializations are available? Which specializations are available?  MCSA: Security  MCSA: Messaging  MCSE: Security  MCSE: Messaging Where do I get more information? Where do I get more information? or

MS Press Inside information for IT Professionals To find the latest titles, visit

3rd Party Publications Supplementary publications for IT Pro’s These books can be found and purchased at all major book stores and online retailers