Chapter 5


Installing Active Directory

Learning Objectives

     Create a Windows 2000 domain
     Understand the role of DCPromo.exe and the
      Configure Your Server wizard
     Promote a member server to a domain controller
     Demote a domain controller to a member server
     Understand the role of the Active Directory
      database


Learning Objectives

       Understand the role of the shared system volume
       Understand Active Directory domain modes
       Install Active Directory on a Windows 2000 server
       Add additional domain controllers to a domain
       Change the mode of a Windows 2000 domain




Roles

     DCs
         Store the AD database
         DCs are peers
         Provide logon, security, and management
     Member Servers
         Participate in Domain providing services
         Do not run AD service
         AD Clients


Preparing for AD Installation

     Don’t necessarily follow all the defaults when
      configuring your first Windows 2000 DC
     Issues to consider:
         IP addressing schemes and DNS
               Existing naming convention may be NetBIOS based
         Domain context
               Relationship to other Domains
               AD wizard provides info about existing Domains
               If none exist, creates a new Domain

Preparing for AD Installation

       Possible domain organizations for Texas
        Pinball and Cattle Company




[Figure: two example domain structures, one geographically organized and one organized by business function]

Domain Tree

    TexasPinball.Com


       north.texaspinball.com

            denton.north.texaspinball.com
            dfw.north.texaspinball.com
       corp.texaspinball.com
       south.texaspinball.com

           houston.south.texaspinball.com
           sanantonio.south.texaspinball.com

                 computers
                 printers
                 organizational units

                        users
                        shared resources
                 etc.

Installing AD

 On a previously configured
  server, use dcpromo.exe to
  activate the AD Installation
  Wizard
 Launching
      dcpromo.exe
      Configure Your Server



Installing AD

     You can also use dcpromo.exe to demote a
      DC to a member server




Creating Windows 2000 Domains

     Recall:
          Domains - computers sharing a security boundary
              Everything shares the same security, rights, and relationships
          Domain trees - domains sharing a schema, GC, and
           contiguous namespace
          Domain forests - domain trees sharing a common
           schema, configuration, and GC, but not a contiguous
           namespace



Using the Active Directory Wizards

                 Configure Your Server
                  Wizard
                     Use to set up first
                      Domain
                     DNS
                     DHCP
                          Use dcpromo




Using the Active Directory Wizards

     Install the first domain




Using the Active Directory Wizards

     Select the role of the DC




Using the Active Directory Wizards

 Select the domain
  context
      New Domain Tree
      Child Domain
          Placement within tree




Using the Active Directory Wizards

     Create the domain name (FQDN)




Using the Active Directory Wizards

     NetBIOS domain name
         16 character limitation




Using the Active Directory Wizards

 Specify the AD database and log file locations
        %systemroot%\NTDS default
        Separate drives




Using the Active Directory Wizards

     Specify the shared system volume location
          Scripts
          Policies
     NT
          netlogon
     NTFS
          Disk Manager
          convert /?

Using the Active Directory Wizards

     Install DNS




How AD uses DNS

[Figure: Client, DNS server and Domain Controller. Between client and DNS server: "Where is the nearest DC?" / "It's over there!". Between client and Domain Controller: "Userid and password" / "Ok!!"]

Using the Active Directory Wizards

     View DNS records
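
Added example (not part of the original slides): a Python sketch of the lookup pictured on the "How AD uses DNS" slide. The client asks DNS for SRV records under _msdcs, trying the name for its own site before the domain-wide name, and picks a DC by priority and weight. The site name Dallas, the dc1/dc2 host names and the zone contents are constructed for illustration.

```python
import random

def locator_queries(domain, site=None):
    """SRV names a client tries: its own site first, then the whole domain."""
    names = []
    if site:
        names.append(f"_ldap._tcp.{site}._sites.dc._msdcs.{domain}")
    names.append(f"_ldap._tcp.dc._msdcs.{domain}")
    return names

def pick_target(records, rng=random):
    """Lowest priority wins; weight spreads load inside that priority."""
    if not records:
        return None
    best = min(r["priority"] for r in records)
    pool = [r for r in records if r["priority"] == best]
    total = sum(r["weight"] for r in pool)
    if total == 0:
        return rng.choice(pool)["target"]
    point = rng.uniform(0, total)
    for r in pool:
        point -= r["weight"]
        if point <= 0:
            return r["target"]
    return pool[-1]["target"]

def locate_dc(domain, site, zone):
    """Return (query name that answered, chosen DC) or (None, None)."""
    for name in locator_queries(domain, site):
        # DNS names compare case-insensitively, so look up in lower case.
        target = pick_target(zone.get(name.lower(), []))
        if target:
            return name, target
    return None, None

# Constructed zone data; host names and the site "Dallas" are hypothetical.
DOMAIN = "dfw.north.texaspinball.com"
ZONE = {
    f"_ldap._tcp.dc._msdcs.{DOMAIN}": [
        {"priority": 0, "weight": 100, "port": 389, "target": f"dc1.{DOMAIN}"},
        {"priority": 10, "weight": 100, "port": 389, "target": f"dc2.{DOMAIN}"},
    ],
    f"_ldap._tcp.dallas._sites.dc._msdcs.{DOMAIN}": [
        {"priority": 0, "weight": 100, "port": 389, "target": f"dc2.{DOMAIN}"},
    ],
}

if __name__ == "__main__":
    print(locate_dc(DOMAIN, "Dallas", ZONE))  # answered by the site-specific name
    print(locate_dc(DOMAIN, None, ZONE))      # answered by the domain-wide name
```

Because the client goes wherever these records point, the _msdcs entries seen under View DNS records are worth comparing against the servers that were actually promoted.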




Using the Active Directory Wizards

 Enter AD Restore Mode password
 Not logon pwd
 Don’t forget




Using the Active Directory Wizards

     Verify installation selections




Using the Active Directory Wizards

     Promoting a member server to a DC (dcpromo)
         Must be logged on locally as administrator
         Create new or additional Domain (fig 5.9)
         specify the network account for AD installation




Using the Active Directory Wizards

 Promoting a member server to a DC
        select the domain for the new DC
        Remaining steps (fig 5.11)




Using the Active Directory Wizards

 Demoting a DC to a member server
        use dcpromo.exe
        Remove 1 DC
        Completely remove
         the Domain




Using the Active Directory Wizards

     Demoting a DC to a member server
         set local password for administrator of member
          server




Using the Active Directory Wizards

     Demoting a DC to a member server
         verify removal of DC




Understanding the Active Directory Database

     Database and database log files are used to maintain
      the directory
     Database file is stored in a file named ntds.dit
     That file is stored in two locations:
          %systemroot%\NTDS\ntds.dit
          %systemroot%\System32\ntds.dit
     Size may not be reported correctly


Understanding the Active Directory Database

 Database log files should be located on a separate partition or a
  separate physical drive from the database file (fault-tolerance
  measure)
 AD activity logged to edb.log
 Applied to AD database (ntds.dit) when activity is low
 Circular logging
      Overwrites existing log file
 Noncircular logging
      Creates new log files
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters\logging
      ERD

Understanding Active Directory Domain Modes

     Windows 2000 supports two modes of
      operation:
         Native mode
         Mixed mode




Understanding Active Directory Domain Modes

     Mixed mode - supports replication with
      Windows NT DCs
     Use if:
         unable to upgrade all DCs
         unable to secure DCs in AD
         lack resources to upgrade DCs
         wish to use NT as a fallback

Understanding Active Directory Domain Modes

     Native mode - does not support replication
      with Windows NT DCs
     Use if all DCs have been upgraded to
      Windows 2000




Understanding Active Directory Domain Modes

     Switching to native mode
         Active Directory Domains and Trusts
         select a domain




Understanding Active Directory Domain Modes

     Switching to native mode




Understanding Active Directory Domain Modes

     Switching to native mode




Understanding Active Directory Domain Modes

     Switching to native mode - verification




Native Mode Operation

     Domain uses AD multimaster replication
      exclusively
     Support for NETLOGON replication is halted
     Windows NT DCs can no longer join the domain
     All DCs can perform directory updates
     Windows 2000 group types are enabled
     Windows 2000 group nesting is enabled
     See handouts for more Group info

Chapter Summary

     Windows 2000 uses DNS to perform name
      resolution
     AD integrates closely with Dynamic DNS
     Increased planning is involved with the Windows
      2000 domain structure
     AD is installed using the Active Directory
      Installation Wizard
     Use the Configure Your Server Wizard or
      dcpromo.exe

Chapter Summary

     dcpromo.exe can be used to promote or demote a
      server to or from DC status
     AD information is stored in the ntds.dit file
     Changes to the database file are logged
      automatically to provide recovery and redundancy
      capabilities
     Domains can run in native or mixed mode. Mixed
      mode allows interoperability with Windows NT
      DCs
