Hands-On Microsoft Windows Server 2003 Administration

Chapter 1: Windows Server 2003 Network Administration

Objectives

• List the various tasks of a Windows Server 2003
  Network administrator
• Understand general troubleshooting techniques
• Ease network management with the help of
  various Windows Server 2003 Administration
  Tools
• Explain Windows Server 2003 Active Directory
  concepts


Network Administration Overview
• Some of the tasks of a Windows Server 2003
  Network administrator
  – Installing and maintaining the operating system
  – Administering Active Directory
  – Administering file and print resources
  – Administering Internet resources
  – Administering the network infrastructure
  – Monitoring and troubleshooting Windows Server
    2003
  – Administering Routing and Remote Access
    Services (RRAS)

Installing and Maintaining the Operating System

• Tasks related to the operating system
  –   Install the client workstation operating systems
  –   Install and configure the server environment
  –   Troubleshoot and resolve installation problems
  –   Install and manage the required service packs
      and hot fixes



Administering Active Directory
• Involves
  – Creating and modifying user objects
  – Creating and modifying computer objects
  – Creating and modifying group objects
  – Managing Active Directory container and object
    permissions
  – Creating and troubleshooting Group Policy
    objects
      • Group Policy: a Windows Server 2003 feature that
        enables you to create policies that affect domain
        users and computers

Administering File and Print Resources

• Tasks included in administering file and print
  resources
   – Troubleshooting user access to files and printers
   – Planning and maintaining the most efficient and
     secure way for users to work with file and print
     resources




Administering Internet Resources

• Internet administration
  – Needed because of B2B and B2C online
    commerce opportunities
  – Requires mastery of the configuration options
    within the Windows Server 2003 IIS, including
     • Providing secure access to Internet-accessible
       resources
     • Troubleshooting client connectivity problems



Administering the Network Infrastructure
• Administering the network infrastructure requires
  maintaining and troubleshooting network
  services, protocols, and hardware
  – TCP/IP protocol
     • Used by Windows Server 2003 for network
       communications throughout the infrastructure and
       the Internet
  – Domain Name System (DNS) service
     • Provides name resolution and network service
       location capabilities

Administering the Network Infrastructure (Continued)

  – Routers
  – Dynamic Host Configuration Protocol (DHCP)
    servers
  – WINS servers




Monitoring and Troubleshooting Windows Server 2003
• Maintenance
  – Monitoring server health
  – Monitoring system performance
• Maintenance tools
  – System Monitor
  – Event Viewer
• Troubleshooting tools
  – Recovery Console
  – Safe Mode

Administering Routing and Remote Access Services
• Windows Server 2003 Routing and Remote
  Access Services (RRAS)
  – Access to the company network using dial-up
    modems
  – Virtual private networking (VPN)
  – Internet connection sharing (ICS)
  – Network address translation (NAT)
  – A basic firewall
  – Remote Desktop for Administration
     • Enables administrators to manage network servers
       remotely

Network Administration Procedures


• Possible reasons for network problems
  – Hardware failures
  – Security or virus attacks
  – File corruption




Network Troubleshooting Process
• A systematic approach to troubleshooting helps
  – Define the exact problem
  – Quickly solve the problem
• Steps of a successful troubleshooting process
  – Define the problem
  – Gather detailed information about what has
    changed
  – Devise a plan to solve the problem
  – Implement the plan and observe the results
  – Document all changes and results

Windows Server 2003 Management Tools
• Features and utilities that assist in daily
  management tasks
   –   The Microsoft Management Console (MMC)
   –   The secondary logon feature
   –   The Task Scheduler
   –   The netdiag command
   –   The Shutdown Event Tracker
        • Logs each time a server is shut down or restarted



Windows Server 2003 Management Tools (Continued)
• The Microsoft Management Console
  – A customizable management framework that can
    host a number of management tools
  – Saved as a Management Saved Console (MSC)
    file with the .msc extension
• Snap-ins
  – Management tools that are added to the MMC
  – Can be obtained from Microsoft or third-party
    companies

[Figure: An Empty MMC]

[Figure: Add/Remove Snap-in dialog box]

[Figure: Customized MMC]

Windows Server 2003 Management Tools (Continued)

• Taskpad view
  – Simplifies administrative procedures
  – Provides a graphical representation of the tasks
    that can be performed in an MMC




[Figure: Taskpad view of the Services snap-in]

The Secondary Logon Feature
• Network administrators should keep two
  accounts
  – One for network management
  – One for nonadministrative tasks
• The secondary logon feature allows the
  administrator to
  – Log on with the regular user account, then
  – Open administrative tools as an administrator
• Administrator account
  – A command prompt can be used to start
    applications

[Figure: Run As dialog box]

Additional Administrator Utilities

• Several additional utilities are available with
  Windows Server 2003 or the Windows Server
  2003 Resource Kit
  – Examples
      • Windows Server 2003 Task Scheduler
      • netdiag
      • net command




Introduction to Windows Server 2003 Active Directory
• Active Directory
  – A directory service database
  – Services and features:
     • Central point for storing, organizing, managing,
       and controlling network objects
     • Single point of administration of objects and Active
       Directory-published resources
     • Logon and authentication services for users
     • Delegation of administration


Introduction to Windows Server 2003 Active Directory
• The Active Directory database
  – Can be stored on any Windows Server 2003
    server promoted to domain controller
• Multi-master replication
  – Each domain controller throughout the
    network has a writeable copy of directory
    database
  – Provides a form of fault-tolerance
• Active Directory
  – Uses DNS to
     • Maintain domain-naming structures
     • Locate network resources

Active Directory Objects

• An object
   – Represents network resources, such as
      •   Users
      •   Groups
      •   Computers
      •   Printers
   – Possesses attributes that provide information
     about the object
• Active Directory stores a variety of objects within
  the database

The Active Directory Schema

• Active Directory schema
  – Defines objects and attributes for entire Active
    Directory structure
  – Consists of two main definitions
     • Object classes
     • Attributes
  – Stored in the Active Directory database
  – Replicated among all domain controllers within
    the network

Active Directory Components

• Logical components of the Active Directory
  – Provide a way to design and administer the
    hierarchical, logical structure of the network
  – Include
     • Domains and organizational units
     • Trees and forests
     • A global catalog




Active Directory Components (Continued)
• Windows Server 2003 domain
  – Logically structured organization of objects that
     • Are part of a network, and
     • Share a common directory database
• Each domain
  – Has a unique name
  – Is organized in levels
  – Is administered as a unit with common rules and
    procedures
  – Is defined by an IP address on the Internet

Active Directory Components (Continued)

• Domains provide the ability to
  – Configure unique security settings
  – Decentralize administration
  – Control replication traffic
• An organizational unit (OU)
  – A logical container used to organize objects
    within a single domain


Active Directory Components (Continued)


• Benefits of using OUs
  – Easier to locate and manage the Active Directory
    objects
  – Define more advanced features by applying
    Group Policy to an OU
  – Delegate administrative control over OUs



[Figure: An Active Directory Domain and OU structure]

Active Directory Components (Continued)

• Trees and forests
  – Forest root domain
     • First Active Directory domain created in an
       organization
  – Tree
     • Hierarchical collection of domains that share a
       contiguous DNS namespace



Active Directory Components (Continued)


 – Whenever a child domain is created, a two-way,
   transitive trust relationship is automatically
   created between the child and parent domains
    • Transitive trust
       – All other trusted domains implicitly trust one another




[Figure: The Dovercorp.net domain tree]

Active Directory Components (Continued)
• Forest
  – Collection of trees that do not share a contiguous
    DNS naming structure
  – The trees in a forest share a single Active
    Directory schema
• Enterprise Admins
  – Special user group
  – Allows members to manage objects throughout
    the entire forest

[Figure: Example of an Active Directory forest]

Active Directory Components (Continued)
• Global catalog
  – Index and partial replica of the objects and
    attributes most frequently used throughout the
    entire Active Directory structure
  – Replicated to any server within the forest that is
    configured to be a global catalog server
  – The first domain controller in Active Directory
    automatically becomes a global catalog server
  – Additional domain controllers can also be
    configured to be global catalog servers


Active Directory Communication Standards
• DNS naming standard
  – Used by Active Directory for
     • IP name resolution
     • Providing information on the location of network
       services and resources
• Lightweight Directory Access Protocol (LDAP)
  – Used to query or update the Active Directory
    database directly


Active Directory Communication Standards (Continued)


• LDAP naming paths
  – Used when referring to objects stored within the
    Active Directory
  – Main components
     • Distinguished name
     • Relative distinguished name
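
Added example (not part of the original slides): how a distinguished name breaks down into its relative distinguished name, its parent container, and the DNS domain spelled by its DC components. The function names and the sample DNs are constructed for illustration, and quoted attribute values are not handled.

```python
# Added example, not from the original slides. Sample DNs are constructed;
# Dovercorp.net is the domain name the slides use.

def split_dn(dn):
    """Split a DN into RDN strings on commas that are not backslash-escaped."""
    rdns, current, escaped = [], [], False
    for ch in dn:
        if escaped:                 # character after a backslash is literal
            current.append(ch)
            escaped = False
        elif ch == "\\":
            current.append(ch)
            escaped = True
        elif ch == ",":             # unescaped comma ends the current RDN
            rdns.append("".join(current).lstrip())
            current = []
        else:
            current.append(ch)
    rdns.append("".join(current).lstrip())
    return rdns


def describe(dn):
    """Return the object's RDN, its parent container DN, and the DNS domain."""
    rdns = split_dn(dn)
    if not all("=" in r for r in rdns):
        raise ValueError("malformed DN: %r" % dn)
    # DC (domain component) values, read left to right, spell the DNS name.
    labels = [r.split("=", 1)[1] for r in rdns
              if r.split("=", 1)[0].strip().upper() == "DC"]
    return {"rdn": rdns[0], "parent": ",".join(rdns[1:]),
            "dns_domain": ".".join(labels)}


if __name__ == "__main__":
    for sample in (
        "CN=Jane Doe,OU=Sales,DC=Dovercorp,DC=net",
        r"CN=Doe\, Jane,OU=Sales,DC=Dovercorp,DC=net",   # escaped comma
    ):
        print(describe(sample))
```

Splitting a DN on every comma misparses names that contain an escaped comma, which is why the splitter tracks the backslash state.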



Active Directory Physical Structure

• Relates to the actual connectivity of the physical
  network
• Aims regarding replication
   – Make sure that any modification to the Active
     Directory database is replicated as quickly as
     possible between domain controllers
   – Make sure that replication does not saturate the
     available network bandwidth


Active Directory Physical Structure (Continued)

 • Sites and site links can be configured to
   control
    – Active Directory replication traffic
    – Network logon traffic
 • Active Directory site
    – Combination of one or more Internet Protocol
      (IP) subnets connected by a high-speed
      connection



Active Directory Physical Structure (Continued)
• A site link
   – A configurable object that represents a low-
     bandwidth or unreliable/occasional connection
     between sites
   – Can be adjusted for
      • Replication availability
      • Bandwidth costs
      • Replication frequency



[Figure: The site structure of Dovercorp.net]

Summary

• Tasks of a network administrator include:
  –   Software installation
  –   Active Directory (AD) administration
  –   File and print administration
  –   Internet and remote access administration
  –   Network performance monitoring
  –   Troubleshooting
• Network administrator needs to follow a
  systematic approach to troubleshooting network
  problems

Summary (Continued)

• Some tools that a network administrator can use
  to help with routine network management
  include:
  – The Microsoft Management Console (MMC)
  – The secondary logon service
  – Command-line utilities, such as netdiag.exe and
    the net command
• Active Directory is a directory service database
  provided with Windows Server 2003 Operating
  Systems

Summary (Continued)
• Logical components of an Active Directory
  structure
   – Domains and organizational units
   – Trees and forests
   – Global catalog
• Active Directory uses the DNS naming
  standard for
   – IP name resolution
   – Providing information on the location of network
     services
• Active Directory replication traffic and network
  logon traffic can be controlled by configuring
  sites and site links