
Hands-On Microsoft Windows Server 2003 Administration

Chapter 1
Windows Server 2003 Network Administration

Objectives
- List the various tasks of a Windows Server 2003 Network administrator
- Understand general troubleshooting techniques
- Ease network management with the help of various Windows Server 2003 Administration Tools
- Explain Windows Server 2003 Active Directory concepts

Network Administration Overview


Some of the tasks of a Windows Server 2003 Network administrator
- Installing and maintaining the operating system
- Administering Active Directory
- Administering file and print resources
- Administering Internet resources
- Administering the network infrastructure
- Monitoring and troubleshooting Windows Server 2003
- Administering Routing and Remote Access Services (RRAS)

Installing and Maintaining the Operating System


Tasks related to the operating system
- Install the client workstation operating systems
- Install and configure the server environment
- Troubleshoot and resolve installation problems
- Install and manage the required service packs and hot fixes

Administering Active Directory


Involves
- Creating and modifying user objects
- Creating and modifying computer objects
- Creating and modifying group objects
- Managing Active Directory container and object permissions
- Creating and troubleshooting Group Policy objects
  - Group Policy: a Windows Server 2003 feature that enables you to create policies that affect domain users and computers

Administering File and Print Resources


Tasks included in administering file and print resources
- Troubleshooting user access to files and printers
- Planning and maintaining the most efficient and secure way for users to work with file and print resources

Administering Internet Resources


Internet administration
- Needed because of B2B and B2C online commerce opportunities
- Requires mastery of the configuration options within the Windows Server 2003 IIS, including
  - Providing secure access to Internet-accessible resources
  - Troubleshooting client connectivity problems

Administering the Network Infrastructure


Administering the network infrastructure requires maintaining and troubleshooting network services, protocols, and hardware
- TCP/IP protocol
  - Used by Windows Server 2003 for network communications throughout the infrastructure and the Internet
- Domain Name System (DNS) service
  - Provides name resolution and network service location capabilities

Administering the Network Infrastructure (Continued)


- Routers
- Dynamic Host Configuration Protocol (DHCP) servers
- WINS servers

Monitoring and Troubleshooting Windows Server 2003


Maintenance
- Monitoring server health
- Monitoring system performance

Maintenance tools
- System Monitor
- Event Viewer

Troubleshooting tools
- Recovery Console
- Safe Mode

Administering Routing and Remote Access Services


Windows Server 2003 Routing and Remote Access Services (RRAS)
- Access to the company network using dial-up modems
- Virtual private networking (VPN)
- Internet connection sharing (ICS)
- Network address translation (NAT)
- A basic firewall
- Remote Desktop for Administration
  - Enables administrators to manage network servers remotely

Network Administration Procedures

Possible reasons for network problems


- Hardware failures
- Security or virus attacks
- File corruption

Network Troubleshooting Process


A systematic approach to troubleshooting helps
- Define the exact problem
- Quickly solve the problem

Steps of a successful troubleshooting process


- Define the problem
- Gather detailed information about what has changed
- Devise a plan to solve the problem
- Implement the plan and observe the results
- Document all changes and results

Windows Server 2003 Management Tools


Features and utilities that assist in daily management tasks
- The Microsoft Management Console (MMC)
- The secondary logon feature
- The Task Scheduler
- The netdiag command
- The Shutdown Event Tracker
  - Logs each time a server is shut down or restarted

Windows Server 2003 Management Tools (Continued)


The Microsoft Management Console
- A customizable management framework that can host a number of management tools
- Saved as a Management Saved Console (MSC) file with the .msc extension

Snap-ins
- Management tools that are added to the MMC
- Can be obtained from Microsoft or third-party companies

An Empty MMC


Add/Remove Snap-in dialog box


Customized MMC


Windows Server 2003 Management Tools (Continued)


Taskpad view
- Simplifies administrative procedures
- Provides a graphical representation of the tasks that can be performed in an MMC

Taskpad view of the Services snap-in


The Secondary Logon Feature


Network administrators should keep two accounts
- One for network management
- One for nonadministrative tasks

The secondary logon feature allows the administrator to


- Log on with the regular user account, then
- Open administrative tools as an administrator

Administrator account
A command prompt can be used to start applications

Run As dialog box


Additional Administrator Utilities


Several additional utilities are available with Windows Server 2003 or the Windows Server 2003 Resource Kit
Examples
- Windows Server 2003 Task Scheduler
- netdiag
- net command

Introduction to Windows Server 2003 Active Directory


Active Directory
- A directory service database
- Services and features:
  - Central point for storing, organizing, managing, and controlling network objects
  - Single point of administration of objects and Active Directory-published resources
  - Logon and authentication services for users
  - Delegation of administration

Introduction to Windows Server 2003 Active Directory


The Active Directory database
Can be stored on any Windows Server 2003 server promoted to domain controller

Multi-master replication
- Each domain controller throughout the network has a writeable copy of directory database
- Provides a form of fault-tolerance

Active Directory
Uses DNS to
- Maintain domain-naming structures
- Locate network resources

Active Directory Objects


An object
Represents network resources, such as
- Users
- Groups
- Computers
- Printers

Possesses attributes that provide information about the object

Active Directory stores a variety of objects within the database



The Active Directory Schema


Active Directory schema
- Defines objects and attributes for entire Active Directory structure
- Consists of two main definitions
  - Object classes
  - Attributes
- Stored in the Active Directory database
- Replicated among all domain controllers within the network

Active Directory Components


Logical components of the Active Directory
- Provide a way to design and administer the hierarchical, logical structure of the network
- Include
  - Domains and organizational units
  - Trees and forests
  - A global catalog

Active Directory Components (Continued)


Windows Server 2003 domain
Logically structured organization of objects that
- Are part of a network, and
- Share a common directory database

Each domain
- Has a unique name
- Is organized in levels
- Is administered as a unit with common rules and procedures
- Is defined by an IP address on the Internet

Active Directory Components (Continued)


Domains provide the ability to
- Configure unique security settings
- Decentralize administration
- Control replication traffic

An organizational unit (OU)


A logical container used to organize objects within a single domain


Active Directory Components (Continued)


Benefits of using OUs
- Easier to locate and manage the Active Directory objects
- Define more advanced features by applying Group Policy to an OU
- Delegate administrative control over OUs

An Active Directory Domain and OU structure


Active Directory Components (Continued)


Trees and forests
Forest root domain
First Active Directory domain created in an organization

Tree
Hierarchical collection of domains that share a contiguous DNS namespace


Active Directory Components (Continued)

Whenever a child domain is created, a two-way, transitive trust relationship is automatically created between the child and parent domains
Transitive trust
All other trusted domains implicitly trust one another
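
The effect of transitive trust on a domain tree, as an added example that is not part of the original slides: it derives the automatic parent/child trusts from the contiguous DNS names and lists the domain pairs that trust each other only implicitly. The child domain names are constructed for illustration; only Dovercorp.net appears in the deck.

```python
from collections import deque

# Constructed child domains; only Dovercorp.net appears on the slides.
DOMAINS = {"dovercorp.net", "europe.dovercorp.net",
           "asia.dovercorp.net", "sales.europe.dovercorp.net"}

def parent_of(domain, domains):
    """In a contiguous namespace the parent is the name minus its first label."""
    rest = domain.partition(".")[2]
    return rest if rest in domains else None

def direct_trusts(domains):
    """Two-way trusts created automatically between each child and its parent."""
    edges = {d: set() for d in domains}
    for d in domains:
        p = parent_of(d, domains)
        if p is not None:
            edges[d].add(p)
            edges[p].add(d)
    return edges

def trust_path(src, dst, edges):
    """Shortest chain of direct trusts linking src to dst, or None."""
    prev, queue = {src: None}, deque([src])
    while queue:
        cur = queue.popleft()
        if cur == dst:
            path = []
            while cur is not None:
                path.append(cur)
                cur = prev[cur]
            return path[::-1]
        for nxt in sorted(edges[cur]):
            if nxt not in prev:
                prev[nxt] = cur
                queue.append(nxt)
    return None

def implicit_trusts(edges):
    """Pairs that trust each other only through transitivity (no direct trust)."""
    return sorted((a, b) for a in edges for b in edges
                  if a < b and b not in edges[a] and trust_path(a, b, edges))

if __name__ == "__main__":
    e = direct_trusts(DOMAINS)
    for a, b in implicit_trusts(e):
        print(a, "<->", b, "via", " -> ".join(trust_path(a, b, e)[1:-1]))
```

When reviewing who can reach what in a tree, the implicit pairs matter as much as the direct ones: no administrator created them, yet they exist as soon as the child domains do.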


The Dovercorp.net domain tree


Active Directory Components (Continued)


Forest
- Collection of trees that do not share a contiguous DNS naming structure
- The trees in a forest share a single Active Directory schema

Enterprise Admins
- Special user group
- Allows members to manage objects throughout the entire forest

Example of an Active Directory forest


Active Directory Components (Continued)


Global catalog
- Index and partial replica of the objects and attributes most frequently used throughout the entire Active Directory structure
- Replicated to any server within the forest that is configured to be a global catalog server
- The first domain controller in Active Directory automatically becomes a global catalog server
- Additional domain controllers can also be configured to be global catalog servers

Active Directory Communication Standards


DNS naming standard
Used by Active Directory for
- IP name resolution
- Providing information on the location of network services and resources

Lightweight Directory Access Protocol (LDAP)


Used to query or update the Active Directory database directly


Active Directory Communication Standards (Continued)


LDAP naming paths
- Used when referring to objects stored within the Active Directory
- Main components
  - Distinguished name
  - Relative distinguished name
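
How a distinguished name breaks down into its relative distinguished names, as an added example that is not part of the original slides: the parser splits only on unescaped commas and rebuilds the DNS domain name from the DC components. The sample DN is constructed (only the Dovercorp.net domain comes from the deck), and multi-valued RDNs joined with "+" are not handled.

```python
import re

def split_dn(dn):
    """Split a DN into RDN strings on unescaped commas only."""
    parts, buf, i = [], [], 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            buf.append(dn[i:i + 2])      # keep the escape pair together
            i += 2
            continue
        if dn[i] == ",":
            parts.append("".join(buf).lstrip())
            buf = []
        else:
            buf.append(dn[i])
        i += 1
    parts.append("".join(buf).lstrip())
    return parts

def unescape(value):
    """Undo backslash escapes: \\XX (ASCII hex pair) or \\<char>."""
    def repl(m):
        tok = m.group(1)
        return chr(int(tok, 16)) if len(tok) == 2 else tok
    return re.sub(r"\\([0-9A-Fa-f]{2}|.)", repl, value)

def parse_dn(dn):
    """Return [(attribute_type, value), ...], leftmost (most specific) first."""
    rdns = []
    for rdn in split_dn(dn):
        attr, sep, value = rdn.partition("=")
        if not sep or not attr.strip():
            raise ValueError(f"malformed RDN: {rdn!r}")
        rdns.append((attr.strip().upper(), unescape(value)))
    return rdns

def relative_dn(dn):
    """The RDN is the leftmost component; it names the object in its container."""
    return split_dn(dn)[0]

def dns_domain(dn):
    """Join the DC components into the DNS name of the object's domain."""
    return ".".join(v for a, v in parse_dn(dn) if a == "DC")

# Constructed sample; only the Dovercorp.net domain name comes from the slides.
SAMPLE = r"CN=Smith\, John,OU=Sales,DC=Dovercorp,DC=net"

if __name__ == "__main__":
    print(relative_dn(SAMPLE), parse_dn(SAMPLE), dns_domain(SAMPLE))
```

A plain `SAMPLE.split(",")` yields five pieces instead of four because of the escaped comma in the CN value, which is why scripts that compare or filter on DNs should parse them rather than split them.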


Active Directory Physical Structure


- Relates to the actual connectivity of the physical network
- Aims regarding replication
  - Make sure that any modification to the Active Directory database is replicated as quickly as possible between domain controllers
  - Make sure that replication does not saturate the available network bandwidth

Active Directory Physical Structure (Continued)


Sites and site links can be configured to control
- Active Directory replication traffic
- Network logon traffic

Active Directory site


Combination of one or more Internet Protocol (IP) subnets connected by a high-speed connection


Active Directory Physical Structure (Continued)


A site link
- A configurable object that represents a low-bandwidth or unreliable/occasional connection between sites
- Can be adjusted for
  - Replication availability
  - Bandwidth costs
  - Replication frequency

The site structure of Dovercorp.net


Summary
Tasks of a network administrator include:
- Software installation
- Active Directory (AD) administration
- File and print administration
- Internet and remote access administration
- Network performance monitoring
- Troubleshooting

Network administrator needs to follow a systematic approach to troubleshooting network problems



Summary (Continued)
Some tools that a network administrator can use to help with routine network management include:
- The Microsoft Management Console (MMC)
- The secondary logon service
- Command-line utilities, such as netdiag.exe and the net command

Active Directory is a directory service database provided with Windows Server 2003 Operating Systems

Summary (Continued)
Logical components of an Active Directory structure
- Domains and organizational units
- Trees and forests
- Global catalog

Active Directory uses the DNS naming standard for


- IP name resolution
- Providing information on the location of network services

Active Directory replication traffic and network logon traffic can be controlled by configuring sites and site links
