Hands-On Microsoft Windows Server 2003

Administration

Chapter 1

Windows Server 2003 Network Administration

2

Objectives

• List the various tasks of a Windows Server 2003 Network administrator

• Understand general troubleshooting techniques• Ease network management with the help of

various Windows Server 2003 Administration Tools

• Explain Windows Server 2003 Active Directory concepts

3

Network Administration Overview• Some of the tasks of a Windows Server 2003

Network administrator– Installing and maintaining the operating system

– Administering Active Directory

– Administering file and print resources

– Administering Internet resources

– Administering the network infrastructure

– Monitoring and troubleshooting Windows Server 2003

– Administering Routing and Remote Access Services (RRAS)

4

Installing and Maintaining the Operating System

• Tasks related to the operating system– Install the client workstation operating systems

– Install and configure the server environment

– Troubleshoot and resolve installation problems

– Install and manage the required service packs and hot fixes

5

Administering Active Directory

• Involves– Creating and modifying user objects

– Creating and modifying computer objects

– Creating and modifying group objects

– Managing Active Directory container and object permissions

– Creating and troubleshooting Group Policy objects

• Group Policy: a Windows Server 2003 feature that enables you to create policies that affect domain users and computers

6

Administering File and Print Resources

• Tasks included in administering file and print resources– Troubleshooting user access to files and printers

– Planning and maintaining the most efficient and secure way for users to work with file and print resources

7

Administering Internet Resources

• Internet administration– Needed because of B2B and B2C online

commerce opportunities

– Requires mastery of the configuration options within the Windows Server 2003 IIS, including

• Providing secure access to Internet-accessible resources

• Troubleshooting client connectivity problems

8

Administering the Network Infrastructure

• Administering the network infrastructure requires maintaining and troubleshooting network services, protocols, and hardware– TCP/IP protocol

• Used by Windows Server 2003 for network communications throughout the infrastructure and the Internet

– Domain Name System (DNS) service• Provides name resolution and network service

location capabilities

9

Administering the Network Infrastructure (Continued)

– Routers

– Dynamic Host Configuration Protocol (DHCP) servers

– WINS servers

10

Monitoring and Troubleshooting Windows Server 2003

• Maintenance– Monitoring server health– Monitoring system performance

• Maintenance tools– System Monitor– Event Viewer

• Troubleshooting tools– Recovery Console– Safe Mode

11

Administering Routing and Remote Access Services• Windows Server 2003 Routing and Remote

Access Services (RRAS)– Access to the company network using dial-up

modems– Virtual private networking (VPN)– Internet connection sharing (ICS)– Network address translation (NAT)– A basic firewall– Remote Desktop for Administration

• Enables administrators to network servers remotely

12

Network Administration Procedures

• Possible reasons for network problems– Hardware failures

– Security or virus attacks

– File corruption

13

Network Troubleshooting Process

• A systematic approach to troubleshooting helps– Define the exact problem

– Quickly solve the problem

• Steps of a successful troubleshooting process– Define the problem

– Gather detailed information about what has changed

– Devise a plan to solve the problem

– Implement the plan and observe the results

– Document all changes and results

14

Windows Server 2003 Management Tools

• Features and utilities that assist in daily management tasks– The Microsoft Management Console (MMC)

– The secondary logon feature

– The Task Scheduler

– The netdiag command

– The Shutdown Event Tracker• Logs each time a server is shut down or restarted

15

Windows Server 2003 Management Tools (Continued)

• The Microsoft Management Console – A customizable management framework that can

host a number of management tools

– Saved as a Management Saved Console (MSC) file with the .msc extension

• Snap-ins– Management tools that are added to the MMC

– Can be obtained from Microsoft or third-party companies

16

An Empty MMC

17

Add/Remove Snap-in dialog box

18

Customized MMC

19

Windows Server 2003 Management Tools (Continued)

• Taskpad view– Simplifies administrative procedures

– Provides a graphical representation of the tasks that can be performed in an MMC

20

Taskpad view of the Services snap-in

21

The Secondary Logon Feature

• Network administrators should keep two accounts– One for network management– One for nonadministrative tasks

• The secondary logon feature allows the administrator to– Log on with the regular user account, then– Open administrative tools as an administrator

• Administrator account– A command prompt can be used to start

applications

22

Run As dialog box

23

Additional Administrator Utilities

• Several additional utilities are available with Windows Server 2003 or the Windows Server 2003 Resource Kit– Examples

• Windows Server 2003 Task Scheduler• netdiag• net command

24

Introduction to Windows Server 2003 Active Directory

• Active Directory– A directory service database

– Services and features:• Central point for storing, organizing, managing,

and controlling network objects• Single point of administration of objects and Active

Directory-published resources• Logon and authentication services for users• Delegation of administration

25

Introduction to Windows Server 2003 Active Directory

• The Active Directory database– Can be stored on any Windows Server 2003

server promoted to domain controller• Multi-master replication

– Each domain controller throughout the network has a writeable copy of directory database

– Provides a form of fault-tolerance• Active Directory

– Uses DNS to• Maintain domain-naming structures• Locate network resources

26

Active Directory Objects

• An object– Represents network resources, such as

• Users• Groups• Computers• Printers

– Possesses attributes that provide information about the object

• Active Directory stores a variety of objects within the database

27

The Active Directory Schema

• Active Directory schema– Defines objects and attributes for entire Active

Directory structure

– Consists of two main definitions• Object classes• Attributes

– Stored in the Active Directory database

– Replicated among all domain controllers within the network

28

Active Directory Components

• Logical components of the Active Directory– Provide a way to design and administer the

hierarchical, logical structure of the network

– Include• Domains and organizational units• Trees and forests• A global catalog

29

Active Directory Components (Continued)

• Windows Server 2003 domain– Logically structured organization of objects that

• Are part of a network, and

• Share a common directory database

• Each domain– Has a unique name– Is organized in levels– Is administered as a unit with common rules and

procedures– Is defined by an IP address on the Internet

30

Active Directory Components (Continued)

• Domains provide the ability to– Configure unique security settings

– Decentralize administration

– Control replication traffic

• An organizational unit (OU)– A logical container used to organize objects

within a single domain

31

Active Directory Components (Continued)

• Benefits of using OUs– Easier to locate and manage the Active Directory

objects

– Define more advanced features by applying Group Policy to an OU

– Delegate administrative control over OUs

32

An Active Directory Domain and OU structure

33

Active Directory Components (Continued)

• Trees and forests– Forest root domain

• First Active Directory domain created in an organization

– Tree• Hierarchical collection of domains that share a

contiguous DNS namespace

34

Active Directory Components (Continued)

– Whenever a child domain is created, a two-way, transitive trust relationship is automatically created between the child and parent domains

• Transitive trust– All other trusted domains implicitly trust one another

35

The Dovercorp.net domain tree

36

Active Directory Components (Continued)

• Forest– Collection of trees that do not share a contiguous

DNS naming structure

– The trees in a forest share a single Active Directory schema

• Enterprise Admins– Special user group

– Allows members to manage objects throughout the entire forest

37

Example of an Active Directory forest

38

Active Directory Components (Continued)• Global catalog

– Index and partial replica of the objects and attributes most frequently used throughout the entire Active Directory structure

– Replicated to any server within the forest that is configured to be a global catalog server

– The first domain controller in Active Directory automatically becomes a global catalog server

– Additional domain controllers can also be configured to be global catalog servers

39

Active Directory Communication Standards

• DNS naming standard– Used by Active Directory for

• IP name resolution• Providing information on the location of network

services and resources

• Lightweight Directory Access Protocol (LDAP)– Used to query or update the Active Directory

database directly

40

Active Directory Communication Standards (Continued)

• LDAP naming paths– Used when referring to objects stored within the

Active Directory

– Main components• Distinguished name• Relative distinguished name

41

Active Directory Physical Structure

• Relates to the actual connectivity of the physical network

• Aims regarding replication– Make sure that any modification to the Active

Directory database is replicated as quickly as possible between domain controllers

– Make sure that replication does not saturate the available network bandwidth

42

Active Directory Physical Structure (Continued)

• Sites and site links can be configured to control– Active Directory replication traffic– Network logon traffic

• Active Directory site– Combination of one or more Internet Protocol

(IP) subnets connected by a high-speed connection

43

Active Directory Physical Structure (Continued)

• A site link– A configurable object that represents a low-

bandwidth or unreliable/occasional connection between sites

– Can be adjusted for• Replication availability• Bandwidth costs• Replication frequency

44

The site structure of Dovercorp.net

45

Summary

• Tasks of a network administrator include:– Software installation

– Active Directory (AD) administration

– File and print administration

– Internet and remote access administration

– Network performance monitoring

– Troubleshooting

• Network administrator needs to follow a systematic approach to troubleshooting network problems

46

Summary (Continued)

• Some tools that a network administrator can use to help with routine network management include:– The Microsoft Management Console (MMC)

– The secondary logon service

– Command-line utilities, such as netdiag.exe and the net command

• Active Directory is a directory service database provided with Windows Server 2003 Operating Systems

47

Summary (Continued)• Logical components of an Active Directory

structure– Domains and organizational units– Trees and forests– Global catalog

• Active Directory uses the DNS naming standard for– IP name resolution– Providing information on the location of network

services• Active Directory replication traffic and network

logon traffic can be controlled by configuring sites and site links