Hands-On Microsoft Windows Server 2003 Administration

Chapter 1
Windows Server 2003 Network Administration

Objectives
• List the various tasks of a Windows Server 2003 Network administrator
• Understand general troubleshooting techniques
• Ease network management with the help of various Windows Server 2003 Administration Tools
• Explain Windows Server 2003 Active Directory concepts

Network Administration Overview
• Some of the tasks of a Windows Server 2003 Network administrator
  – Installing and maintaining the operating system
  – Administering Active Directory
  – Administering file and print resources
  – Administering Internet resources
  – Administering the network infrastructure
  – Monitoring and troubleshooting Windows Server 2003
  – Administering Routing and Remote Access Services (RRAS)

Installing and Maintaining the Operating System
• Tasks related to the operating system
  – Install the client workstation operating systems
  – Install and configure the server environment
  – Troubleshoot and resolve installation problems
  – Install and manage the required service packs and hot fixes

Administering Active Directory
• Involves
  – Creating and modifying user objects
  – Creating and modifying computer objects
  – Creating and modifying group objects
  – Managing Active Directory container and object permissions
  – Creating and troubleshooting Group Policy objects
    • Group Policy: a Windows Server 2003 feature that enables you to create policies that affect domain users and computers

Administering File and Print Resources
• Tasks included in administering file and print resources
  – Troubleshooting user access to files and printers
  – Planning and maintaining the most efficient and secure way for users to work with file and print resources

Administering Internet Resources
• Internet administration
  – Needed because of B2B and B2C online commerce opportunities
  – Requires mastery of the configuration options within the Windows Server 2003 IIS, including
    • Providing secure access to Internet-accessible resources
    • Troubleshooting client connectivity problems

Administering the Network Infrastructure
• Administering the network infrastructure requires maintaining and troubleshooting network services, protocols, and hardware
  – TCP/IP protocol
    • Used by Windows Server 2003 for network communications throughout the infrastructure and the Internet
  – Domain Name System (DNS) service
    • Provides name resolution and network service location capabilities

Administering the Network Infrastructure (Continued)
  – Routers
  – Dynamic Host Configuration Protocol (DHCP) servers
  – WINS servers

Monitoring and Troubleshooting Windows Server 2003
• Maintenance
  – Monitoring server health
  – Monitoring system performance
• Maintenance tools
  – System Monitor
  – Event Viewer
• Troubleshooting tools
  – Recovery Console
  – Safe Mode

Administering Routing and Remote Access Services
• Windows Server 2003 Routing and Remote Access Services (RRAS)
  – Access to the company network using dial-up modems
  – Virtual private networking (VPN)
  – Internet connection sharing (ICS)
  – Network address translation (NAT)
  – A basic firewall
  – Remote Desktop for Administration
    • Enables administrators to manage network servers remotely

Network Administration Procedures
• Possible reasons for network problems
  – Hardware failures
  – Security or virus attacks
  – File corruption

Network Troubleshooting Process
• A systematic approach to troubleshooting helps
  – Define the exact problem
  – Quickly solve the problem
• Steps of a successful troubleshooting process
  – Define the problem
  – Gather detailed information about what has changed
  – Devise a plan to solve the problem
  – Implement the plan and observe the results
  – Document all changes and results

Windows Server 2003 Management Tools
• Features and utilities that assist in daily management tasks
  – The Microsoft Management Console (MMC)
  – The secondary logon feature
  – The Task Scheduler
  – The netdiag command
  – The Shutdown Event Tracker
    • Logs each time a server is shut down or restarted

Windows Server 2003 Management Tools (Continued)
• The Microsoft Management Console
  – A customizable management framework that can host a number of management tools
  – Saved as a Management Saved Console (MSC) file with the .msc extension
• Snap-ins
  – Management tools that are added to the MMC
  – Can be obtained from Microsoft or third-party companies

Figure: An Empty MMC

Figure: Add/Remove Snap-in dialog box

Figure: Customized MMC

Windows Server 2003 Management Tools (Continued)
• Taskpad view
  – Simplifies administrative procedures
  – Provides a graphical representation of the tasks that can be performed in an MMC

Figure: Taskpad view of the Services snap-in

The Secondary Logon Feature
• Network administrators should keep two accounts
  – One for network management
  – One for nonadministrative tasks
• The secondary logon feature allows the administrator to
  – Log on with the regular user account, then
  – Open administrative tools as an administrator
• Administrator account
  – A command prompt can be used to start applications

Figure: Run As dialog box

Additional Administrator Utilities
• Several additional utilities are available with Windows Server 2003 or the Windows Server 2003 Resource Kit
  – Examples
    • Windows Server 2003 Task Scheduler
    • netdiag
    • net command

Introduction to Windows Server 2003 Active Directory
• Active Directory
  – A directory service database
  – Services and features:
    • Central point for storing, organizing, managing, and controlling network objects
    • Single point of administration of objects and Active Directory-published resources
    • Logon and authentication services for users
    • Delegation of administration

Introduction to Windows Server 2003 Active Directory
• The Active Directory database
  – Can be stored on any Windows Server 2003 server promoted to domain controller
• Multi-master replication
  – Each domain controller throughout the network has a writeable copy of directory database
  – Provides a form of fault-tolerance
• Active Directory
  – Uses DNS to
    • Maintain domain-naming structures
    • Locate network resources

Active Directory Objects
• An object
  – Represents network resources, such as
    • Users
    • Groups
    • Computers
    • Printers
  – Possesses attributes that provide information about the object
• Active Directory stores a variety of objects within the database

The Active Directory Schema
• Active Directory schema
  – Defines objects and attributes for entire Active Directory structure
  – Consists of two main definitions
    • Object classes
    • Attributes
  – Stored in the Active Directory database
  – Replicated among all domain controllers within the network

Active Directory Components
• Logical components of the Active Directory
  – Provide a way to design and administer the hierarchical, logical structure of the network
  – Include
    • Domains and organizational units
    • Trees and forests
    • A global catalog

Active Directory Components (Continued)
• Windows Server 2003 domain
  – Logically structured organization of objects that
    • Are part of a network, and
    • Share a common directory database
• Each domain
  – Has a unique name
  – Is organized in levels
  – Is administered as a unit with common rules and procedures
  – Is defined by an IP address on the Internet

Active Directory Components (Continued)
• Domains provide the ability to
  – Configure unique security settings
  – Decentralize administration
  – Control replication traffic
• An organizational unit (OU)
  – A logical container used to organize objects within a single domain

Active Directory Components (Continued)
• Benefits of using OUs
  – Easier to locate and manage the Active Directory objects
  – Define more advanced features by applying Group Policy to an OU
  – Delegate administrative control over OUs

Figure: An Active Directory Domain and OU structure

Active Directory Components (Continued)
• Trees and forests
  – Forest root domain
    • First Active Directory domain created in an organization
  – Tree
    • Hierarchical collection of domains that share a contiguous DNS namespace

Active Directory Components (Continued)
  – Whenever a child domain is created, a two-way, transitive trust relationship is automatically created between the child and parent domains
    • Transitive trust
      – All other trusted domains implicitly trust one another

Figure: The Dovercorp.net domain tree

Active Directory Components (Continued)
• Forest
  – Collection of trees that do not share a contiguous DNS naming structure
  – The trees in a forest share a single Active Directory schema
• Enterprise Admins
  – Special user group
  – Allows members to manage objects throughout the entire forest

Figure: Example of an Active Directory forest

Active Directory Components (Continued)
• Global catalog
  – Index and partial replica of the objects and attributes most frequently used throughout the entire Active Directory structure
  – Replicated to any server within the forest that is configured to be a global catalog server
  – The first domain controller in Active Directory automatically becomes a global catalog server
  – Additional domain controllers can also be configured to be global catalog servers

Active Directory Communication Standards
• DNS naming standard
  – Used by Active Directory for
    • IP name resolution
    • Providing information on the location of network services and resources
• Lightweight Directory Access Protocol (LDAP)
  – Used to query or update the Active Directory database directly

Active Directory Communication Standards (Continued)
• LDAP naming paths
  – Used when referring to objects stored within the Active Directory
  – Main components
    • Distinguished name
    • Relative distinguished name

Active Directory Physical Structure
• Relates to the actual connectivity of the physical network
• Aims regarding replication
  – Make sure that any modification to the Active Directory database is replicated as quickly as possible between domain controllers
  – Make sure that replication does not saturate the available network bandwidth

Active Directory Physical Structure (Continued)
• Sites and site links can be configured to control
  – Active Directory replication traffic
  – Network logon traffic
• Active Directory site
  – Combination of one or more Internet Protocol (IP) subnets connected by a high-speed connection

Active Directory Physical Structure (Continued)
• A site link
  – A configurable object that represents a low-bandwidth or unreliable/occasional connection between sites
  – Can be adjusted for
    • Replication availability
    • Bandwidth costs
    • Replication frequency

Figure: The site structure of Dovercorp.net

Summary
• Tasks of a network administrator include:
  – Software installation
  – Active Directory (AD) administration
  – File and print administration
  – Internet and remote access administration
  – Network performance monitoring
  – Troubleshooting
• Network administrator needs to follow a systematic approach to troubleshooting network problems

Summary (Continued)
• Some tools that a network administrator can use to help with routine network management include:
  – The Microsoft Management Console (MMC)
  – The secondary logon service
  – Command-line utilities, such as netdiag.exe and the net command
• Active Directory is a directory service database provided with Windows Server 2003 Operating Systems

Summary (Continued)
• Logical components of an Active Directory structure
  – Domains and organizational units
  – Trees and forests
  – Global catalog
• Active Directory uses the DNS naming standard for
  – IP name resolution
  – Providing information on the location of network services
• Active Directory replication traffic and network logon traffic can be controlled by configuring sites and site links
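
The LDAP naming paths listed under Active Directory Communication Standards (distinguished name and relative distinguished name), as an added Python example that is not part of the original slides: it splits a DN into its RDN, parent container, OU path and DNS domain name, and treats an escaped comma as part of a value rather than a separator, which matters when a script decides delegation or policy scope from the OU path. The object name and the OUs Sales and Staff are constructed; Dovercorp.net is the domain used in the slides.

```python
# Added example: break an LDAP distinguished name (DN) into its parts.
# Handles backslash escapes only; sample values are constructed.

def split_dn(dn):
    """Split a DN on unescaped commas, honouring backslash escapes."""
    parts, current, i = [], [], 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):
            current.append(dn[i:i + 2])   # keep the escape pair intact
            i += 2
            continue
        if ch == ",":
            parts.append("".join(current).strip())
            current = []
        else:
            current.append(ch)
        i += 1
    parts.append("".join(current).strip())
    return [p for p in parts if p]


def describe_dn(dn):
    """Return the RDN, parent DN, OU path and DNS domain of an object."""
    rdns = split_dn(dn)
    if not rdns or any("=" not in r for r in rdns):
        raise ValueError("not a valid distinguished name: %r" % dn)
    pairs = [tuple(s.strip() for s in r.split("=", 1)) for r in rdns]
    return {
        "rdn": rdns[0],                      # relative distinguished name
        "parent": ",".join(rdns[1:]),        # container holding the object
        "ous": [v for k, v in pairs if k.upper() == "OU"],
        "dns_domain": ".".join(v for k, v in pairs if k.upper() == "DC"),
    }


if __name__ == "__main__":
    # Constructed DN: the comma inside the CN value is escaped.
    sample = "CN=Smith\\, John,OU=Sales,OU=Staff,DC=Dovercorp,DC=net"
    for key, value in describe_dn(sample).items():
        print(key, "=", value)
```

A plain split on every comma would cut the CN value in two and shift every later component by one position, so the parent container and OU path would be read incorrectly.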