Hands-On Microsoft Windows Server 2003 Administration
Chapter 1: Windows Server 2003 Network Administration
Objectives
• List the various tasks of a Windows Server 2003
Network administrator
• Understand general troubleshooting techniques
• Ease network management with the help of
various Windows Server 2003 Administration
Tools
• Explain Windows Server 2003 Active Directory
concepts
Network Administration Overview
• Some of the tasks of a Windows Server 2003 Network administrator
– Installing and maintaining the operating system
– Administering Active Directory
– Administering file and print resources
– Administering Internet resources
– Administering the network infrastructure
– Monitoring and troubleshooting Windows Server 2003
– Administering Routing and Remote Access Services (RRAS)
Installing and Maintaining the
Operating System
• Tasks related to the operating system
– Install the client workstation operating systems
– Install and configure the server environment
– Troubleshoot and resolve installation problems
– Install and manage the required service packs and hot fixes
Administering Active Directory
• Involves
– Creating and modifying user objects
– Creating and modifying computer objects
– Creating and modifying group objects
– Managing Active Directory container and object permissions
– Creating and troubleshooting Group Policy objects
• Group Policy: a Windows Server 2003 feature that enables you to create policies that affect domain users and computers
Administering File and Print
Resources
• Tasks included in administering file and print
resources
– Troubleshooting user access to files and printers
– Planning and maintaining the most efficient and
secure way for users to work with file and print
resources
Administering Internet Resources
• Internet administration
– Needed because of B2B and B2C online
commerce opportunities
– Requires mastery of the configuration options
within the Windows Server 2003 IIS, including
• Providing secure access to Internet-accessible
resources
• Troubleshooting client connectivity problems
Administering the Network
Infrastructure
• Administering the network infrastructure requires
maintaining and troubleshooting network
services, protocols, and hardware
– TCP/IP protocol
• Used by Windows Server 2003 for network
communications throughout the infrastructure and
the Internet
– Domain Name System (DNS) service
• Provides name resolution and network service
location capabilities
Administering the Network
Infrastructure (Continued)
– Routers
– Dynamic Host Configuration Protocol (DHCP)
servers
– WINS servers
Monitoring and Troubleshooting
Windows Server 2003
• Maintenance
– Monitoring server health
– Monitoring system performance
• Maintenance tools
– System Monitor
– Event Viewer
• Troubleshooting tools
– Recovery Console
– Safe Mode
Administering Routing and Remote
Access Services
• Windows Server 2003 Routing and Remote
Access Services (RRAS)
– Access to the company network using dial-up
modems
– Virtual private networking (VPN)
– Internet connection sharing (ICS)
– Network address translation (NAT)
– A basic firewall
– Remote Desktop for Administration
• Enables administrators to manage network servers remotely
Network Administration Procedures
• Possible reasons for network problems
– Hardware failures
– Security or virus attacks
– File corruption
Network Troubleshooting Process
• A systematic approach to troubleshooting helps
– Define the exact problem
– Quickly solve the problem
• Steps of a successful troubleshooting process
– Define the problem
– Gather detailed information about what has
changed
– Devise a plan to solve the problem
– Implement the plan and observe the results
– Document all changes and results
Windows Server 2003 Management
Tools
• Features and utilities that assist in daily management tasks
– The Microsoft Management Console (MMC)
– The secondary logon feature
– The Task Scheduler
– The netdiag command
– The Shutdown Event Tracker
• Logs each time a server is shut down or restarted
Windows Server 2003 Management
Tools (Continued)
• The Microsoft Management Console
– A customizable management framework that can
host a number of management tools
– Saved as a Management Saved Console (MSC)
file with the .msc extension
• Snap-ins
– Management tools that are added to the MMC
– Can be obtained from Microsoft or third-party
companies
[Figure: An Empty MMC]
[Figure: Add/Remove Snap-in dialog box]
[Figure: Customized MMC]
Windows Server 2003 Management
Tools (Continued)
• Taskpad view
– Simplifies administrative procedures
– Provides a graphical representation of the tasks
that can be performed in an MMC
[Figure: Taskpad view of the Services snap-in]
The Secondary Logon Feature
• Network administrators should keep two
accounts
– One for network management
– One for nonadministrative tasks
• The secondary logon feature allows the
administrator to
– Log on with the regular user account, then
– Open administrative tools as an administrator
• Administrator account
– A command prompt can be used to start
applications
[Figure: Run As dialog box]
Additional Administrator Utilities
• Several additional utilities are available with
Windows Server 2003 or the Windows Server
2003 Resource Kit
– Examples
• Windows Server 2003 Task Scheduler
• netdiag
• net command
Introduction to Windows Server
2003 Active Directory
• Active Directory
– A directory service database
– Services and features:
• Central point for storing, organizing, managing,
and controlling network objects
• Single point of administration of objects and Active
Directory-published resources
• Logon and authentication services for users
• Delegation of administration
Introduction to Windows Server
2003 Active Directory
• The Active Directory database
– Can be stored on any Windows Server 2003
server promoted to domain controller
• Multi-master replication
– Each domain controller throughout the
network has a writeable copy of directory
database
– Provides a form of fault-tolerance
• Active Directory
– Uses DNS to
• Maintain domain-naming structures
• Locate network resources
Active Directory Objects
• An object
– Represents network resources, such as
• Users
• Groups
• Computers
• Printers
– Possesses attributes that provide information about the object
• Active Directory stores a variety of objects within the database
The Active Directory Schema
• Active Directory schema
– Defines objects and attributes for entire Active
Directory structure
– Consists of two main definitions
• Object classes
• Attributes
– Stored in the Active Directory database
– Replicated among all domain controllers within
the network
Active Directory Components
• Logical components of the Active Directory
– Provide a way to design and administer the
hierarchical, logical structure of the network
– Include
• Domains and organizational units
• Trees and forests
• A global catalog
Active Directory Components
(Continued)
• Windows Server 2003 domain
– Logically structured organization of objects that
• Are part of a network, and
• Share a common directory database
• Each domain
– Has a unique name
– Is organized in levels
– Is administered as a unit with common rules and
procedures
– Is defined by an IP address on the Internet
Active Directory Components
(Continued)
• Domains provide the ability to
– Configure unique security settings
– Decentralize administration
– Control replication traffic
• An organizational unit (OU)
– A logical container used to organize objects within
a single domain
Active Directory Components
(Continued)
• Benefits of using OUs
– Easier to locate and manage the Active Directory
objects
– Define more advanced features by applying
Group Policy to an OU
– Delegate administrative control over OUs
[Figure: An Active Directory Domain and OU structure]
Active Directory Components
(Continued)
• Trees and forests
– Forest root domain
• First Active Directory domain created in an
organization
– Tree
• Hierarchical collection of domains that share a
contiguous DNS namespace
Active Directory Components
(Continued)
– Whenever a child domain is created, a two-way,
transitive trust relationship is automatically
created between the child and parent domains
• Transitive trust
– All other trusted domains implicitly trust one another
[Figure: The Dovercorp.net domain tree]
Active Directory Components
(Continued)
• Forest
– Collection of trees that do not share a contiguous
DNS naming structure
– The trees in a forest share a single Active
Directory schema
• Enterprise Admins
– Special user group
– Allows members to manage objects throughout
the entire forest
[Figure: Example of an Active Directory forest]
Active Directory Components
(Continued)
• Global catalog
– Index and partial replica of the objects and
attributes most frequently used throughout the
entire Active Directory structure
– Replicated to any server within the forest that is
configured to be a global catalog server
– The first domain controller in Active Directory
automatically becomes a global catalog server
– Additional domain controllers can also be
configured to be global catalog servers
Active Directory Communication
Standards
• DNS naming standard
– Used by Active Directory for
• IP name resolution
• Providing information on the location of network
services and resources
• Lightweight Directory Access Protocol (LDAP)
– Used to query or update the Active Directory
database directly
Active Directory Communication
Standards (Continued)
• LDAP naming paths
– Used when referring to objects stored within the
Active Directory
– Main components
• Distinguished name
• Relative distinguished name
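How a distinguished name breaks down into its relative distinguished name, parent container and DNS domain name, as an added example that is not part of the original slides. The sample DN (a user in a Marketing OU of Dovercorp.net) and the function names are constructed for illustration; multi-valued RDNs joined with `+` are not handled.

```python
# Added example (not from the slides): LDAP naming paths in practice.
# The DN below is a constructed sample value.
import re

def unescape(value):
    """Undo RFC 4514 escapes: backslash + special char, or backslash + hex pair.
    Hex pairs are decoded as single ASCII characters (a simplification)."""
    def repl(m):
        tok = m.group(1)
        return chr(int(tok, 16)) if len(tok) == 2 else tok
    return re.sub(r"\\([0-9A-Fa-f]{2}|.)", repl, value)

def split_dn(dn):
    """Split a distinguished name on unescaped commas into raw RDN strings."""
    parts, buf, i = [], [], 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            buf.append(dn[i:i + 2])   # keep the escape pair together
            i += 2
        elif dn[i] == ",":
            parts.append("".join(buf).lstrip())
            buf, i = [], i + 1
        else:
            buf.append(dn[i])
            i += 1
    parts.append("".join(buf).lstrip())
    return parts

def describe(dn):
    """Return the object's RDN, its parent container DN and the DNS domain name."""
    parts = split_dn(dn)
    rdns = []
    for part in parts:
        attr, sep, value = part.partition("=")
        if not (sep and attr and value):
            raise ValueError(f"malformed RDN: {part!r}")
        rdns.append((attr.strip().upper(), unescape(value)))
    # The DC components, read left to right, spell the domain's DNS name.
    domain = ".".join(v for a, v in rdns if a == "DC")
    return {"rdn": rdns[0], "parent": ",".join(parts[1:]), "dns_domain": domain}

SAMPLE = r"CN=Smith\, John,OU=Marketing,DC=Dovercorp,DC=net"   # constructed
if __name__ == "__main__":
    print(describe(SAMPLE))
```

The escaped comma in the sample is why a plain `split(",")` is not a safe way to take a DN apart: it would cut the user's common name in two.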
Active Directory Physical Structure
• Relates to the actual connectivity of the physical
network
• Aims regarding replication
– Make sure that any modification to the Active
Directory database is replicated as quickly as
possible between domain controllers
– Make sure that replication does not saturate the
available network bandwidth
Active Directory Physical Structure
(Continued)
• Sites and site links can be configured to
control
– Active Directory replication traffic
– Network logon traffic
• Active Directory site
– Combination of one or more Internet Protocol
(IP) subnets connected by a high-speed
connection
Active Directory Physical Structure
(Continued)
• A site link
– A configurable object that represents a low-bandwidth or unreliable/occasional connection between sites
– Can be adjusted for
• Replication availability
• Bandwidth costs
• Replication frequency
[Figure: The site structure of Dovercorp.net]
Summary
• Tasks of a network administrator include:
– Software installation
– Active Directory (AD) administration
– File and print administration
– Internet and remote access administration
– Network performance monitoring
– Troubleshooting
• Network administrator needs to follow a systematic approach to troubleshooting network problems
Summary (Continued)
• Some tools that a network administrator can use
to help with routine network management
include:
– The Microsoft Management Console (MMC)
– The secondary logon service
– Command-line utilities, such as netdiag.exe and
the net command
• Active Directory is a directory service database
provided with Windows Server 2003 Operating
Systems
Summary (Continued)
• Logical components of an Active Directory
structure
– Domains and organizational units
– Trees and forests
– Global catalog
• Active Directory uses the DNS naming
standard for
– IP name resolution
– Providing information on the location of network
services
• Active Directory replication traffic and network
logon traffic can be controlled by configuring
sites and site links