Supervisor: Phm Vn Tnh
Members: Nguyn Thch Nguyn Tn M L Ph Duyn Nguyn Bnh Minh
Objectives
- AD concepts
- Configuration: promoting a domain, demoting a domain, Join Domain, Home Directory, Sub domain, Folder Redirection, User, Group, Group Policy, Forest
Main Sections
I. Active Directory overview
I.A. Why AD exists
I.B. Directory Service
I.C. Active Directory
II. Basic AD configuration
II.A. DNS
II.B. Promoting to a Domain
II.C. Demoting a Domain
II.D. Join Domain
II.E. Replication
II.F. Group and User
II.G. Home Directory
II.H. Deploy Software
II.I. Folder Redirection
II.J. Group Policy
II.K. Sub domain
II.L. Forest
II.M. Backup and restore
I.A.1. RATIONALE
Today commerce is growing strongly. Businesses keep getting bigger and have more and more branches everywhere, so the question is how a business can manage its resources. AD was created to solve this. As we know, AD is not a new concept: it became known when the NT 4.0 operating system was released for small businesses. It was quite convenient for small and medium businesses, but searching within a large enterprise was very difficult. Recognizing this, Microsoft released the Windows 2000 product line, in which AD is the most important part.
Also called the peer-to-peer network model, this is a model in which computers with equal roles are connected to one another. Data and resources are stored in a distributed way on the local machines; each machine manages its own local resources and authenticates locally. The network has no computer dedicated to providing services and managing the network. This model is suitable only for small networks with low security requirements.
Works on the client-server principle: the network must have at least one computer acting as the domain controller (Domain Controller), and this Domain Controller controls all activity on the network. User authentication and network resource management are centralized on the Servers in the domain. This model is used by medium and large companies.
In the Domain model of Windows Server 2000, user information is centralized, managed by the Active Directory service, and stored on the domain controller in a file named NTDS.DIT (C:\WINDOWS\NTDS).
I.B.DIRECTORY SERVICE
I.B.1 What is a Directory Service?
I.B.2 Why is there a Directory Service?
I.B.3 Components of a Directory Service?
A Directory Service is a service that acts as a main hub in server operating systems; it lets independent, distributed resources work with one another and connect to one another.
- Schema (organizational structure). A schema defines the list of attributes used to describe a given type of object.
- Container. Holds objects and other containers: Domain, Site, OU (Organizational Unit).
- Global Catalog. The Global Catalog service is used to locate an object that the user has been granted permission to access.
I.C.ACTIVE DIRECTORY
I.C.1 What is Active Directory?
I.C.2 Functions of Active Directory?
I.C.3 Active Directory working model?
I.C.4 Components of Active Directory?
[Diagram: a Domain containing Computers, Objects and Users]
Stores information about user accounts and computer network resources. Determines the validity of those who access network resources. Stores computer network information as objects in a hierarchical structure. In addition it provides:
- Centralized management
- Advanced search capabilities
- Delegation of authority
HIERARCHICAL ORGANIZATION
OBJECT-ORIENTED STORAGE
MULTI-MASTER REPLICATION
I.C.4.1 OBJECT
I.C.4.3 DOMAIN
logical Active Directory, a means of defining a set of users, computers and shared resources that have the same security rules, which makes managing access to the Servers easier. Functions of a Domain:
- Acts as an administrative boundary for objects: a set of administrative definitions for the objects it shares, such as a common directory database, security policies, and trust relationships with other domains.
- Helps us manage the security of shared resources.
- Provides redundant Servers acting as domain controllers, while ensuring that the information on these Servers is synchronized.
A Domain Tree is a structure made up of several domains arranged hierarchically in the shape of a tree.
I.C.4.5 FOREST
II.A.DNS
Go to Start, choose Administrative Tools --> DNS; the DNS window appears. In this zone-creation part you must create a Forward Lookup Zone of type Primary Zone. Right-click Forward Lookup Zones and choose New Zone.
Choose Allow Dynamic Update. This is mandatory so that the Active Directory installation automatically writes its Records into DNS. Press Next to finish configuring DNS.
Two Records in the DNS folder just created must be edited so that the Active Directory installation goes correctly: double-click SOA and Name Servers and correct them by appending the name of the Zone just created to the end of the Records.
Restart the network service and check that DNS works: go to Run, type CMD, and in that window run: ping dtm.nonglam.com
II.B. PROMOTING TO A DOMAIN
Go to Run, type dcpromo --> Next
Domain Controller for a New domain: the setting used to create the first Domain Controller in a Domain. Additional domain Controller: the choice for installing one more DC server into a Domain; with two or more DCs set up for a Domain, the system keeps working normally when one server fails. Here, choose the option Domain Controller for a New Domain to install the first Domain Controller server in the Domain. Press Next to continue the installation.
Domain in a new forest: this setting must be chosen when installing the first Domain Controller server in a Forest. For example, here I am installing the first domain, vnexperts.net, so this option must be chosen.
Mode.
Wait a few minutes until the system reports completion and asks for a restart; you have then finished installing Active Directory on the Windows Server 2003 machine.
II.C. DEMOTING A DOMAIN
Go to Run and type dcpromo
Tick "This server is the last domain controller in the domain", meaning this is the last domain that you want to demote.
II.E REPLICATION
Active Directory on Windows Server 2003 has a Replication mechanism between Domain Controller servers. It lets several Domain Controller servers manage one shared set of Active Directory data, with identical data and settings, and lets several Domain Controllers operate with equal authority in Active Directory.
- All the servers are fully able to add data to Active Directory (such as creating a new User or changing information in Active Directory). When you change Active Directory data on one Domain Controller server, the change is automatically synchronized to all Domain Controller servers on the network.
- So if a Domain has a single Domain Controller server and that server is interrupted for some period, the whole system is paralyzed. To address this, install one or more additional Domain Controller servers to jointly manage the system's Active Directory data and DNS. When one of the Domain Controller servers must be taken down for maintenance or is interrupted for a while, the system keeps working normally.
For the new Domain Controller server to function equivalently to the first Domain Controller server, it must:
+ Provide DNS name resolution for the Client machines
+ Provide authentication and the other data related to Active Directory.
On Windows Server 2003 the DNS service allows a Secondary Zone to be created as a copy of the DNS data from an existing Primary Zone. This is done in 2 steps:
Step 1: On the server dtm.nonglam.com, allow the data of Zone nonglam.com to be retrieved (other machines create the Secondary Zone nonglam from this server).
Step 2: Create the Secondary Zone on the other server that is about to be installed as a Domain Controller.
STEP 1
Go to Start, choose Administrative Tools --> DNS. In the DNS window choose Forward Lookup Zones, which contains the Zone nonglam.com. Right-click nonglam.com, choose Properties and go to the Zone Transfers tab.
STEP 2: CREATE THE SECONDARY ZONE
Go to Start, choose Administrative Tools --> DNS. In DNS, right-click Forward Lookup Zones, choose New Zone and press Next; the system asks you to choose the Zone Type, and you choose Secondary Zone.
To pull all the DNS data from server dtm to server dth, right-click the Zone nonglam.com newly created on server dth and choose "Transfer from Master".
Go to Run and type dcpromo. Press Next to continue installing the Additional Domain Controller, choosing the normal options as you did above. At the Domain Controller Type step you must choose Additional domain controller for an existing domain.
Fill in the details: domain name, username, password. Press Next and the system automatically looks for the chosen Domain; if the DNS address on the network card is set incorrectly, at this step the domain you want to add to will not be found.
When it finishes, restart the machine, then open Active Directory Users and Computers; I see that there are two Domain Controller servers.
JOIN DOMAIN
Go to Computer Name and choose Change; under Member of, enter the name of the domain controller to join. Then choose OK.
Suppose there is a domain controller dc1.hcmuaf.edu.vn with the address 192.168.100.200. Prepare a Windows Server 2003 machine named dc2 with the address 192.168.100.100; we will install dc2 as the domain controller of the domain mail.hcmuaf.edu.vn.
II.G.FOREST
Suppose there is a domain controller dc1.hcmuaf.edu.vn with the address 192.168.100.200. Prepare a Windows Server 2003 machine named dc3 with the address 192.168.100.150; we will install dc3 as the domain controller of the domain hcmuaf1.edu.vn.
STEPS
The first steps are done the same way.
ENTER THE DOMAIN NAME
NEXT NEXT
Password restore
NEXT FINISH
II.H. BACKUP AND RESTORE
Backup and Restore is one of the most important pieces of knowledge for keeping a system running effectively and avoiding regrettable incidents. Windows Server 2003 includes a data backup tool: ntbackup.
NTBACKUP in Windows Server 2003 uses the Shadow Copy backup technology so that it can back up data that is in use, such as SQL or the Active Directory service, running files, or folders to which access is denied.
BACK UP
Windows does not allow files or data that are active or in use by another program to be touched. But we can still back up Active Directory easily: a System State backup contains all the Active Directory information.
EXERCISE
Step 1: Create an OU in Active Directory named OU1, and in OU1 create a User named user1.
Step 2: Back up Active Directory.
Step 3: Delete the user1 just created.
Step 4: Restore the deleted user1.
CREATE OU1
CREATE USER1
ENTER THE PASSWORD
BACKUP PROCESS
Open cmd and type ntbackup
CHOOSE ADVANCED MODE; THE BACKUP UTILITY WINDOW APPEARS. CHOOSE THE BACKUP TAB.
AFTER SELECTING SYSTEM STATE, SET THE LOCATION FOR THE BACKUP FILE; HERE I CHOSE TO SAVE IT TO A:\ WITH THE FILE NAME BACKUP.BKF
DELETE USER1
RESTORE
You cannot run a Restore against data that is in use, so the system must be started in Safe Mode to carry out the restore. In the menu of Modes choose "Directory Services Restore Mode". This mode is mandatory because when you choose it the Active Directory Service is off by default, so other tasks can operate on the Active Directory data.
SAFE MODE
WHEN YOU CHOOSE TO BOOT INTO "DIRECTORY SERVICES RESTORE MODE" THE SYSTEM ASKS FOR A USER NAME AND PASSWORD.
CHOOSE THE RESTORE AND MANAGE MEDIA TAB --> CHOOSE THE BACKUP FILE --> PRESS START RESTORE
CONFIRM
To manage a Domain, the administrator needs to divide the Domain into smaller levels for management (OUs). The administrator must decide how many OUs to create and which kinds of Users and Groups each OU will hold. Creating OUs requires logging on to the Domain with Administrator rights.
CREATE AN OU
Log on as Administrator --> Start --> Programs --> Administrative Tools --> Active Directory Users and Computers --> right-click DH06DTB.com --> New --> Organizational Unit
ENTER THE OU NAME
CREATE A GROUP IN THE OU
Enter the Group name in Group Name: HocVien. The Group scope option defaults to Global and the Group type option defaults to Security --> OK
CREATE A USER IN THE OU
Choose Advanced
Log on as Administrator --> Start --> Run: CMD
- Create an OU named DH06DTB1 in the Domain DH06DTB.com. In the command-line window type: dsadd ou ou=DH06DTB1,dc=DH06DTB,dc=com
NOTE
When a User is created from the command line as above, the user is in the Disabled state by default. To enable the User: close the command line --> Start --> Programs --> Administrative Tools --> go to OU DH06DTB1 --> right-click gv1 --> Enable Account --> OK
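The command-line steps above collected into one script that also requests an enabled account at creation and then checks its state. This is an added example, not part of the original slides. The OU, the group HocVien and the user gv1 are the names used on this page; the CN layout of the distinguished names, the UPN and the interactive password prompt are assumptions.

```batch
@echo off
rem Added example: create the OU, group and user from this section with the
rem Windows Server 2003 directory tools (dsadd, dsquery, dsmod, dsget).
rem Run while logged on as a domain administrator.
setlocal

rem DNs follow the page's domain DH06DTB.com; the CN layout is an assumption.
set "OU_DN=ou=DH06DTB1,dc=DH06DTB,dc=com"
set "GROUP_DN=cn=HocVien,%OU_DN%"
set "USER_DN=cn=gv1,%OU_DN%"

rem 1. Organizational unit (the command shown on the page).
dsadd ou "%OU_DN%"
if errorlevel 1 echo OU was not created (it may already exist).

rem 2. Global security group, the same defaults the GUI steps selected.
dsadd group "%GROUP_DN%" -secgrp yes -scope g

rem 3. User. "-pwd *" prompts for the password so it never lands in the
rem    script or the command history; "-mustchpwd yes" forces a change at
rem    first logon; "-disabled no" requests an enabled account.
dsadd user "%USER_DN%" -samid gv1 -upn gv1@DH06DTB.com -pwd * -mustchpwd yes -disabled no -memberof "%GROUP_DN%"

rem 4. List any accounts in the OU that are still disabled.
echo Disabled accounts under %OU_DN%:
dsquery user "%OU_DN%" -disabled

rem 5. Command-line equivalent of the GUI "Enable Account" step.
dsmod user "%USER_DN%" -disabled no

rem 6. Confirm the final state of the account.
dsget user "%USER_DN%" -samid -disabled

endlocal
```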
FOLDER REDIRECTION
Problem statement: when a user joins the domain, the My Documents component is kept on the system and restored at the next logon.
Requirements: a domain must exist, with 1 ordinary user; log in to the Domain with Administrator rights.
PROCEDURE
On the domain machine: log on with Administrator rights --> in C:\ create a Folder named MyDocs and share it, giving the Group Everyone Full Control.
Active Directory Users and Computers --> right-click OU DH06DTB --> Properties --> Group Policy tab --> New --> name the Policy: Folder Redirect --> Edit
In the Target tab --> Setting --> choose Basic: redirect everyone. In the Root Path box: \\Server\MyDocs --> Apply --> OK
VERIFICATION
Log off Administrator --> log on as user u1 --> right-click My Documents --> Properties --> Target shows: \\Server\MyDocs\u1\My Documents
HOME DIRECTORY
Requirement: the user needs a drive for storing data on the file server, and this data appears again at the next logon.
Preparation:
- Boot the machine: choose Windows Server 2003
- Promote it to a Domain Controller
- Create OU DH06DTB and, in the OU, create 2 Users u1, u2
- Give the Group User the Allow log on locally right
- Create the folder C:\Homedirs
- Share the Homedirs folder, giving the Group Everyone Full Control
PROCEDURE
Log on as Administrator --> Active Directory Users and Computers --> right-click User u1 --> Properties --> Profile tab --> choose Connect --> pick any drive letter (the default is Z) --> in the To: box type \\<domain machine name>\<shared folder name>\%username% --> Apply. In this case it is: \\Server\Homedirs\%username%
After Apply is chosen, the %username% part changes to the name of the user one is logged in as --> OK
VERIFICATION
Log off Administrator --> log on as User u1 and observe that the Homedirs folder on the file Server has become drive Z on the machine.
Go to C:\Homedirs and we see that it contains the folder u1 (u2 is also there because I went ahead and did the same for u2).
OU-DELEGATE CONTROL
Requirement: the system administrator cannot always visit each OU and manage its users, so the administrator can delegate a user to manage each OU on their behalf. Depending on the job requirements, the administrator decides which rights the user gets on the OU that the user manages.
Preparation:
- 1 OU and 1 user in the OU
- Log on with Administrator rights.
PROCEDURE
Give User u1 the right to manage the User Accounts in OU DH06DTB: log on as Administrator --> Start --> Programs --> Administrative Tools --> Active Directory --> right-click OU DH06DTB --> choose Delegate Control; the Welcome window appears:
In the Users or Groups window --> choose Add --> enter u1 --> choose Check Names --> Next
In the Tasks to Delegate window: select Delegate the following common tasks --> select Create, delete and manage user accounts --> Next
VERIFICATION
Log off Administrator --> log on as User u1 --> Start --> Programs --> Administrative Tools --> Active Directory --> right-click OU DH06DTB --> New: we see that u1 only has the right to create Users.
Log on as Administrator --> Start --> Programs --> Administrative Tools --> Active Directory --> right-click OU DH06DTB --> choose Delegate Control --> in the Welcome window choose Next --> in the Users or Groups window choose Add --> enter u2 --> Check Names --> Next
In the Active Directory Object Type dialog --> select This folder, existing objects in this folder, and creation of new objects in this folder --> Next
In the Permissions dialog select General, Property-specific, Creation/deletion of specific child objects --> select Full Control --> Next --> Finish
VERIFICATION
Log off Administrator --> log on as u2 --> Start --> Programs --> Administrative Tools --> Active Directory --> right-click OU DH06DTB --> New (u2 has full rights on OU DH06DTB)
Right-click OU DH06DTB --> Properties --> choose the Security tab: u2 is shown with Full Control
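A way to review what the two delegations above actually granted on the OU, and to withdraw the broad one, using dsacls from the Windows Server 2003 Support Tools. This is an added example, not part of the original slides; the NetBIOS domain name DH06DTB is an assumption derived from DH06DTB.com.

```batch
@echo off
rem Added example: audit the rights delegated on OU DH06DTB after the
rem Delegation of Control wizard has been run for u1 and u2.
setlocal
set "OU_DN=ou=DH06DTB,dc=DH06DTB,dc=com"
rem Assumption: the NetBIOS domain name equals the first DNS label.
set "NB=DH06DTB"

rem Show every access control entry that names each delegate.
for %%U in (u1 u2) do (
    echo === ACEs for %NB%\%%U on %OU_DN% ===
    dsacls "%OU_DN%" | findstr /I /C:"%NB%\%%U"
    if errorlevel 1 echo   none found
)

rem Full Control on an OU includes changing the OU's own permissions and
rem taking ownership, so review every principal that holds it.
echo === Entries granting FULL CONTROL ===
dsacls "%OU_DN%" | findstr /I /C:"FULL CONTROL"

rem To withdraw everything granted to u2 on this OU, uncomment the next
rem line; /R removes all ACEs for the named user or group. The task-scoped
rem delegation given to u1 is left in place.
rem dsacls "%OU_DN%" /R %NB%\u2

endlocal
```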
GROUP POLICY
Log on as user Administrator --> Active Directory Users and Computers --> right-click OU DH06DTB --> Properties --> Group Policy tab --> New --> rename New Group Policy Object to Hide Control Panel --> Edit
Choose User Configuration --> Administrative Templates --> Control Panel --> right-click Prohibit access to the Control Panel (in the right-hand pane) --> Properties --> Enabled --> Apply --> OK --> close the Group Policy window --> OK
VERIFICATION
Close all windows --> update the Policy (gpupdate /force) --> log off Administrator --> log on as KT1 --> Start --> Settings: observe that Control Panel is hidden.
When a Policy is set at a higher level, the lower levels inherit it and are bound by it. To remove this constraint, do the following. Removing inheritance within OU DH06DTB: create OU DH06DTBM inside OU DH06DTB and create User DH06DTM inside OU DH06DTBM. Create a Policy for OU DH06DTBM: hide My Network Places (done the same way as above).
Procedure: log on as Administrator --> Active Directory Users and Computers --> right-click OU DH06DTBM --> Properties --> Group Policy tab --> select Block Policy inheritance --> Apply --> OK
VERIFICATION
Log off Administrator --> log on as user DH06DTM --> My Network Places is not on the Desktop, while Control Panel is present.
There are Policies that a higher-level OU forces lower-level OUs to inherit, so that a child OU cannot Block the Policy. To do this: log on as Administrator --> Active Directory Users and Computers --> right-click OU DH06DTB --> Properties --> Group Policy tab --> select the Policy Hide Control Panel --> Options --> select No Override: prevents other Group Policy Objects from overriding policy set in this one --> OK --> OK --> close all windows --> Start --> Run --> gpupdate /force
VERIFICATION
DEPLOY SOFTWARE
Requirement: when a user logs on to the system, the user wants a certain program to be already installed on the system.
Procedure: Start --> Run --> regedit --> in the Registry Editor window --> HKEY_LOCAL_MACHINE --> Software --> Policies --> Microsoft --> right-click Windows --> create a new Key: Installer --> right-click Installer --> New --> DWORD Value
Log on as Administrator --> go to C:\atrecply (prepared in advance) --> share atrecply, giving the Group Everyone Full Control.
Go to Active Directory Users and Computers --> right-click OU DH06DTB --> Properties --> Group Policy tab --> choose New --> create a Group Policy: Deploy Software
Choose Edit --> in the Group Policy Object Editor --> User Configuration --> Software Settings --> right-click Software installation --> New --> Package
In the Open window, enter in File name the path to the installation file, in this case: \\Server\atrecply\atrecply.exe --> Open
A new package appears in the left-hand pane --> close the windows --> Start --> Run --> gpupdate /force to update the Policy
VERIFICATION
Log off Administrator --> log on as user u1 --> go to C:\atrecply, see the file atrecply.msi and install it normally. Log off u1 --> log on as gv1 --> go to C:\atrecply, see the file atrecply.msi, but it cannot be installed.