
An Introduction To Windows Server 2003: Chapter Objectives

1) Windows Server 2003 includes various new features such as enhancements to Active Directory that improve administration and security. These enhancements include drag-and-drop support in Active Directory tools, the ability to select multiple objects and change properties at once, and the ability to rename domains. 2) The chapter provides an overview of Windows Server 2003 and its various editions. It also discusses installing Windows Server 2003 and understanding the Active Directory. 3) The document provides background information about Windows Server 2003 that is not covered on Microsoft exam 70-290, but is still useful for administrators to know. It discusses the history of Windows operating systems and what's new in Windows Server 2003.

Uploaded by

pankaj_yahoo
Copyright
© Attribution Non-Commercial (BY-NC)

1

An Introduction to Windows Server 2003


CHAPTER OBJECTIVES
1.01 Understand the Windows Server 2003 platform, including various editions of the server.
1.02 Install Windows Server 2003. Tasks include troubleshooting the setup process and performing postinstallation configuration.
1.03 Understand the Active Directory. Tasks include promoting a server to a domain controller.
Two-Minute Drill

Chapter 1: An Introduction to Windows Server 2003

Taking Exam 70-290 may be your first step toward becoming an MCSA and/or an MCSE. And, preparing for that exam will be your first in-depth look at the many features of Microsoft's server-side network operating system. If you're new to working with the Windows Server 2003 product, you should know some basic information before you dive into the technical details that are presented throughout this book. Therefore, in this chapter, we'll look at several different areas that are not included in Microsoft's Exam 70-290. Specifically, you'll receive an overview of the Windows Server 2003 operating system platform, including the various editions that are available. Then, we'll look at the process of installing a new server with this operating system. Finally, we'll look at one of the most important features in Microsoft's server operating systems: the Active Directory. Even though the Exam Preparation Guide doesn't include specific bullet points that cover these areas, the information should be very useful, both on the exam and in the real world. Let's get started by looking at some basic information about Windows Server 2003.

If you've been using Windows Server 2003 for quite some time and you want to cover only the topics that are required for the exam, you can skip this chapter. Note, however, that you'll be missing out on some basic information that might be helpful to know when taking the exam.

CERTIFICATION OBJECTIVE 1.01

Understanding Windows Server 2003


One of the most important aspects of the job of an IT professional is to match technical solutions to business problems. It's not enough that you understand how to perform technical procedures; you must be able to figure out the best way to apply technology to meet certain goals. When it comes to working with network operating systems, it can be helpful to know the key features of the product, and how they fit with the environment that you're working in. In this section, we'll take a look at the history of Microsoft's Windows operating systems. Then, I'll try to answer what's likely to be one of the most burning questions in your mind: "What's new in Windows Server 2003?" Finally, we'll look at the various editions of Microsoft's newest server platform. Let's start with the past and then move forward.


A Brief History of Windows


Microsoft has had a long and successful history with its Windows line of operating systems. With more than a dozen editions of various client and server versions of the Windows platform, it can be very difficult to keep track of these. Since many systems administrators will need to support a wide range of operating systems, we'll take a brief look at a history of Windows in this section. This information will be particularly useful if you are new to supporting Microsoft technologies, but if you are a veteran, you might like to remember just how far this software platform has come.

Unfortunately, Microsoft's marketing group has come up with some very nonintuitive names for the versions of their operating systems. The end result seems to be a lot of confusion over the various OSes and how they interrelate. Let's take a very brief look at the various operating systems that have been developed by Microsoft. Chronologically, the major server-side network operating systems are:

Windows NT Advanced Server 3.1
Windows NT Server 3.5
Windows NT Server 3.51
Windows NT Server 4.0
Windows NT Server 4.0 Enterprise Edition
Windows NT Server 4.0 Terminal Server Edition
Windows 2000 Server Platform (multiple editions)
Windows Server 2003 Platform (multiple editions)

The client operating systems can be divided into two groups. The first group includes the Windows operating systems that are based on the Windows NT platform:

Windows NT
Windows NT Workstation 4.0
Windows 2000 Professional
Windows XP (Home and Professional)

The client operating systems that are based on MS-DOS and earlier versions of Windows include:

Windows 3.x
Windows 95
Windows 98
Windows Millennium Edition (Me)

Many of these operating systems had several revisions and updates. For example, Microsoft made limited releases of its Windows 98 Second Edition (SE) operating system, and Service Packs and Option Packs have added significant functionality to older products such as Windows NT 4.0. For more information about the history of Windows, you can see the illustrated Windows timeline at http://www.microsoft.com/windows/WinHistoryIntro.mspx.

An Overview of What's New in Windows Server 2003


From some fairly humble beginnings, Microsoft has made its Windows platform a powerful force in the network operating system marketplace. With a huge market share for client operating systems and a growing share of the server marketplace, the Windows platform is the default operating system for many organizations throughout the world, ranging in size from Mom & Pop shops to global enterprises. Of course, it's likely that you already know this, since you're pursuing a career involving Microsoft's products!

The purpose of this book is to describe tools, techniques, and features related to Windows Server 2003. Note, however, that a great deal of the information that is covered in this book is also applicable to other versions of Windows (including client-side operating systems and the Windows NT 4.0 and Windows 2000 platforms). There's a good chance that the majority of information will also apply to future Windows operating systems. Keep this in mind as you work with Microsoft's products in the real world.

In this section, you'll be provided with a high-level overview of some of the many new features in Windows Server 2003. Although we can't cover all of these features in detail here (that's what the rest of the book is for!), we can take a high-level look at important features and what Microsoft's goals for Windows Server 2003 are.

New Features in Windows Server 2003


Many software vendors work hard to constantly improve their products, and Microsoft is no exception. Without keeping up with the latest technological advances, most software products will eventually fall into obscurity. Although I'm not a Microsoft insider, I can offer some educated guesses into what Microsoft's Product Managers were thinking as they decided what would be done to make Windows Server 2003 a compelling upgrade. Let's take a look at how Windows Server 2003 fits in.

First, Microsoft is trying to follow up on an already successful product line, the Windows 2000 Server platform. In some ways, this can be a more difficult task than fixing an older operating system or application that didn't meet most of its customers' needs. Many organizations have migrated to Windows 2000 Server and are quite happy with that operating system. In fact, many of Microsoft's customers (especially many large organizations) are happy running Windows NT 4.0 Server. So, the challenge for Microsoft is to provide compelling reasons for customers to upgrade their server operating systems.

In general, Windows Server 2003 is an incremental improvement over its predecessor, Windows 2000 Server. Those that are deploying the operating system will find that it's not as large a shift as was moving from Windows NT 4.0 to the Windows 2000 platform. For example, the architecture of the Active Directory remains largely unchanged, although there have been several improvements in performance, reliability, and management features. In fact, Microsoft's marketing efforts are strongly focused on providing compelling reasons for Windows NT 4.0 users to upgrade to Windows Server 2003. Of course, that's not to say that organizations won't find it worthwhile to upgrade from Windows 2000 Server.

So, the question remains, what are the major enhancements in Windows Server 2003? In this section, we'll look at improvements in Windows Server 2003, when compared to Windows 2000 Server. For more details about the new features and technologies in the Windows Server 2003 product, see Microsoft's Windows Server 2003 home page at http://www.microsoft.com/WindowsServer2003/. You'll also be able to find a comparison between Windows NT 4.0 Server and Windows Server 2003 on this site.

Active Directory Enhancements

One of the most valuable features of Microsoft's current Windows server operating system platform is its ability to support the Active Directory. You'll see some basic technical information about this technology later in this chapter. Regarding the administration of the Active Directory, Microsoft has made several improvements. First, the much-requested feature of drag-and-drop support in the Active Directory administrative tools has been added. You can also select multiple objects and easily change related properties all at once.

Windows Server 2003 supports another much-requested Active Directory feature: the ability to rename domains. Since mergers and acquisitions are common in the current business environment, this feature enables systems administrators to adapt their domain names and structures to organizational changes. Note, however, that renaming a domain is not as simple as renaming an object such as a file; there's a fairly lengthy sequence of steps that must be carried out in order for the process to occur successfully.

In terms of security, resources can now be easily shared between separate Active Directory forests through the use of trust relationships between forests (instead of just trusts between domains in different forests, as was supported in the Windows 2000 version of Active Directory). This allows for sharing network resources between organizations, and between independent business units or sections of a single organization. Although not all of these features are revolutionary, they can simplify administration in many environments.

As IT professionals, many of us really love to live on the cutting edge. As soon as new software is released, we want to try it out. And, we're always looking for ways to get our hands on the latest versions of products. This is great for learning, but from a business point of view, you should always keep in mind the real benefits of upgrading to a new application. If a new version of an application features only better-designed icons and superficial changes, it's probably not worth the cost and effort of upgrading. If, on the other hand, there are significant new enhancements and features for users, it might be worth the costs of upgrading to increase overall productivity. Always focus on the overall value of an upgrade to a new product or version.

Group Policy Enhancements

Through the use of Group Policy settings, systems administrators are able to exert more control over their Windows-based client and server operating systems than ever before. The effective application of Group Policy Objects (GPOs) can result in well-managed client computer configurations. This, in turn, can reduce administration costs and can improve the end-user experience. One of the challenges of working with Group Policy in Windows 2000 Server was the sheer number of options and the many ways in which they could be applied. This often made it difficult to troubleshoot specific policy-related problems.

Group Policy-related enhancements in Windows Server 2003 include the Group Policy Management Console. This administrative tool (which must be downloaded from Microsoft's Windows Server 2003 web site) provides the ability to view GPO-related information throughout the environment using a single console. It's no longer necessary to open multiple Active Directory administration tools to hunt down the right settings or the cause of a problem. Figure 1-1 shows the main screen of the Group Policy Management Console. This powerful tool includes additional wizards, such as the Group Policy Modeling Wizard (which allows you to plan for the application of GPOs) and the Group Policy Results Wizard (which calculates overall effective GPO settings).

Another new feature related to managing Group Policy is the Resultant Set of Policies tool. As its name implies, this tool can be used to determine the actual policy settings that apply to a specific Active Directory user or computer. The tool goes further by allowing systems administrators to choose a logging mode (which calculates existing policy settings) and a planning mode (which allows for the testing of Group Policy settings, before they're applied). The Resultant Set of Policies console can be used to identify and plan for the proper application of GPOs (see Figure 1-2).
FIGURE 1-1 Using the Group Policy Management Console

FIGURE 1-2 Using the Resultant Set of Policies administrative tool

Internet Information Server Enhancements

Windows Server 2003 includes IIS 6.0, the latest version of Microsoft's Internet server platform. IIS includes the following server-side functionality:

HTTP Server: Used to serve static web content, as well as process dynamic server-side requests for active web sites (such as those that are written in ASP, ASP.NET, or other supported languages).
FTP Server: Provides the ability to host and share files over the Internet or an intranet.
SMTP Server: Used to relay e-mail messages within and outside an organization.
NNTP Server: Used to provide access to Internet and private newsgroups.

Many organizations rely on their Internet servers to provide for communications throughout their organization. IIS 6.0 is a completely rewritten version of this platform. Its major new feature is improved process isolation through the use of application pools. This allows administrators to separate different areas of web applications from each other, thereby adding protection against application crashes.

The Windows Server 2003 version of IIS also provides additional features that should be of value to organizations that depend on it. Overall performance has been improved through the implementation of new kernel-level routines that reduce performance overhead. Also, administration has been simplified through, for example, configuration settings that are stored in XML files. We'll cover IIS administration in detail in Chapter 7.

Windows Server 2003 also ships with built-in support for Microsoft's .NET Framework. This feature allows web and standard application developers to easily take advantage of Microsoft's new programming architecture. Although Microsoft states that this is a major benefit of Windows Server 2003, it's important to note that the .NET Framework can be quickly and easily installed on Windows 2000-based computers through a free download.

Other Enhancements

In addition to the major feature areas that you've seen thus far, Windows Server 2003 includes many other enhancements over Windows 2000 Server. Here are a few of those improvements:

Effective Permissions: One of the challenges related to managing security in a network environment is in dealing with file system permissions (a topic that we'll cover in Chapter 4). Windows Server 2003 now includes a new tab in the properties of files and folders called Effective Permissions. This tab can be used to calculate a user's overall permissions on an object. It takes into account group membership and security settings on the object, something that administrators had to do manually in previous versions.

Command-line utilities: One of the primary strengths of the Windows operating system platform is its wealth of graphical administration and configuration tools. However, in some cases, systems administrators might want to perform tasks from a command line (or through a batch file). Windows Server 2003 includes dozens of new command-line utilities that can be used to perform common tasks without launching a graphical user interface. Systems administrators that are familiar with using other operating systems (such as Unix or Linux) will find these tools to be welcome additions. Throughout this book, we'll look at command-line methods of Windows Server 2003 tools.

Support for Previous Versions functionality: Windows Server 2003 provides systems administrators with the capability of storing previous versions of files on shared folders. This can greatly reduce common systems administration tasks related to restoring files that were accidentally deleted or modified. We'll look at this feature in Chapters 5 and 6.

Improve clustering scalability: For organizations that require the highest levels of reliability and scalability, clustering can be a useful option. The Enterprise and Datacenter Editions of Windows Server 2003 now provide support for eight-node clusters (compared to a maximum of four nodes in the previous Datacenter version of Windows).

Support for wireless networks: Windows Server 2003 now includes enhanced administration tools that enable monitoring wireless networks according to the 802.1x specifications. Additionally, the operating system can now improve security for wireless connections through enhanced authentication and encryption methods.

Of course, there are many more enhancements that can make life easier for all users in your organization. It's important to determine which of these features will provide real enhancements to your organization's users when you're evaluating whether or not to implement Microsoft's newest server operating system. Now that you have a good overview of the new features of Windows Server 2003, let's take a look at the various available editions of the product.

Choosing an Edition of Windows Server 2003


Microsoft has aimed the Windows Server 2003 product at many different market segments, ranging from small businesses to the largest distributed network environments in the world. Like previous editions of the Windows NT 4.0 and Windows 2000 platforms, Windows Server 2003 comes in various editions. Each edition has a different price and offers different features. The editions include the following:

Web Edition: This edition of Windows Server 2003 is designed to function as a web server and a web application server. The Web Edition is the lowest-cost version of Windows Server 2003 and is available only with the purchase of a new server computer. It does have limitations related to the maximum hardware configuration that is supported. The Web Edition also cannot function as an Active Directory domain controller and cannot run Microsoft's SQL Server.

Standard Edition: The Standard Edition of Windows Server 2003 is aimed at small businesses and for use as a server in workgroups or small departments. Its main limitations are in the area of hardware support.

Enterprise Edition: The Enterprise Edition of Windows Server 2003 is designed to provide support for larger applications and higher-end server hardware than the Standard Edition. The main benefits are support for up to eight CPUs and up to 32GB of memory (64GB on 64-bit versions). This edition also supports eight-node clustering configurations.

Datacenter Edition: The Datacenter Edition of Windows Server 2003 is designed to provide the ultimate level of hardware scalability. This edition is available only when shipped with new systems that are designed by hardware manufacturers.

Both the Enterprise Edition and the Datacenter Editions support 64-bit Intel Itanium systems, providing support for high-end server configurations. Table 1-1 lists the types of hardware that are supported by each of the editions of Windows Server 2003. For more information about the details of each edition (and for pricing and licensing information), see www.microsoft.com/WindowsServer2003.

TABLE 1-1 Maximum System Specifications for Various Editions of Windows Server 2003

| Edition | Max RAM | Max # of CPUs |
|---|---|---|
| Web Edition | 2GB | 2 |
| Standard Edition | 4GB | 4 |
| Enterprise Edition | 32GB (32-bit), 64GB (64-bit) | 8 |
| Datacenter Edition | 64GB (32-bit), 512GB (64-bit) | 8-64 |


CERTIFICATION OBJECTIVE 1.02

Installing Windows Server 2003


A Chinese philosopher named Laozi is credited with saying "A journey of a thousand miles must begin with a single step." Well, here you are, at the first step toward learning about Windows Server 2003. It probably comes as no surprise to you that we'll start by walking through the information and concepts that are related to installing Microsoft's newest server-side operating system.

In some ways, the path is well paved. That is, Microsoft has gone to great lengths to make the setup process as quick and painless as possible. Drawing on experience and feedback based on over a decade of GUI-based operating systems, the setup process has been streamlined. For example, you'll be asked a lot of the important questions early on during the installation so that you can take a lunch break or get some much-needed coffee while the setup process does its work.

And, there's more good news to keep in mind: If you make a misstep during the installation process, it's generally not a huge problem. Most configuration options and settings can be changed quickly and easily after you install Windows Server 2003. In fact, some settings (such as networking options) can be easier to set after the installation is complete. Of course, that's not to say that you should dismiss the questions that setup asks you as a mere annoyance. Some choices (such as disk partitioning details) are important and cannot easily be changed after setup has completed.

Don't let the simplicity of the installation process fool you, though. Windows Server 2003 is a very powerful operating system. And, the configuration options are very important. In this chapter, I'll start by presenting information about the various decisions you'll need to make during the setup process. The focus of the initial sections in this chapter is on concepts. Then, drawing on this information, we'll walk through the process of installing Windows Server 2003 using the choices we've made.

Understanding Windows Server 2003 Setup Options


Since Microsoft has gone to great lengths to make the installation process as quick and painless as possible, I'll provide a discussion of the various installation options that are available in this section. Then, using this information, we'll walk through the exact setup process for Windows Server 2003.


This approach is also a good practice in the real world. Before you begin setting up a new server, be sure you understand the details of what the server will be doing and how it should be configured. For example, before you get to the Licensing selection screen, you should have decided which licensing mode you plan to use. And, before you get to the Network Settings options, you should understand how your server is supposed to be configured to communicate on the network. Having this information ahead of time will ensure that your selections during setup are exactly what you want.

Determining Compatibility
Before you begin installing Windows Server 2003, you should do a little bit of homework to ensure that your current configuration is compatible with Windows Server 2003. Although this is a recommended practice for any operating system installation, it's especially true for servers (where reliability, uptime, and performance are critical). You can save a lot of time and prevent serious headaches by taking the time to consult the Hardware Compatibility List (HCL) before you begin the setup process. There are few things worse than getting two-thirds of the way through the setup process and then finding that some critical hardware is not supported. For more information about checking for hardware and software compatibility, see Chapter 2.

One of the first decisions you'll have to make is how you want to install Windows Server 2003. So, let's take a look at the two installation options that are available.

Understanding Upgrade Installations


If you are using a supported Microsoft operating system, you may be able to perform an upgrade installation of Windows Server 2003 on the same machine. An upgrade installation will keep many of the configuration settings in the previous operating system intact, but the entire operating system will be upgraded. You can upgrade to Windows Server 2003 from the following products:

Windows NT Server version 4.0 with Service Pack 5 or later
Windows NT Server version 4.0, Terminal Server Edition, with Service Pack 5 or later
Windows NT Server version 4.0, Enterprise Edition, with Service Pack 5 or later
Windows 2000 Server
Windows 2000 Advanced Server


An upgrade installation is one that is performed over an existing installation of the Windows operating system. When you choose to perform an upgrade installation of Windows Server 2003, you should keep the following points in mind:

You will not need to reinstall applications. Most of your applications will keep their settings and configuration after the upgrade is complete.

Some applications may not be compatible. In some cases, some of the applications, utilities, or services that are installed on your machine may not be compatible with Windows Server 2003. In this case, you'll be given details regarding the potential problems.

Most configuration settings will be retained. For example, if you configured shared folders, users, groups, and other settings for your server, these settings will be retained after the upgrade process is complete. Note, however, that some types of settings cannot be automatically upgraded due to changes in newer operating systems. If your server is running any critical processes, be sure to consult Microsoft's support resources before you perform the upgrade.

The process of installing and configuring a Windows-based server is generally a fairly easy one in many environments. In the real world, you might often choose to perform a new installation instead of performing an upgrade, even when you're starting with a compatible operating system. Who knows, you might even find several areas for improvement in the configuration!

Keep in mind that, even though you're performing an upgrade installation, it's highly recommended that you create a backup of all of the data on your system (for more information on performing backups, see Chapter 6). If it's not possible to perform an upgrade installation, or if you would like to start with a clean slate, you can perform a new installation of Windows Server 2003. Let's look at that process, next.

Understanding New Installations


A new installation of Windows Server 2003 configures the product with its default options. This is the only choice you'll have if you're setting up a new server that does not yet have an installed operating system. Or, if you're trying to upgrade from an earlier version of a Microsoft operating system (for example, Windows NT 3.51 Server), or one that does not support upgrading to Windows 2003 Server (such as Windows 2000 Professional), you will have to perform an installation from scratch (that is, a new installation that requires you to reconfigure all of your settings and reinstall software).


Before you perform a new installation, keep the following in mind:


You can easily reconfigure disk storage settings. When you perform a new installation, you can change the sizes and types of partitions (if you don't mind losing the data stored on those partitions). This can help make more efficient use of storage.

Document your current configuration. In many cases, you'll need to reconfigure the new server in accordance with the configuration guidelines of your IT environment. Before you perform a new installation, be sure that you make notes related to the purpose of the server, along with any important settings. For example, if the machine is a DHCP server, be sure to document which IP addresses are available in its DHCP scopes.

Back up important files. Although the setup process will not destroy any data unless you tell it to do so, you should always back up any critical files that are stored on the server before you perform an upgrade.

You can minimize risk and the potential impact to your production environment. When you perform a new installation, you can set up a brand new server while the current one remains in production. This will give you time to learn the new features of Windows Server 2003, and it will give you the opportunity to perform adequate testing before the machine is released into the production environment.

You have an opportunity to fix past configuration issues. As systems administrators, we often have pet peeves about such things as the naming of folders or files on the system. Perhaps your IT department has created standards for naming shared folders, users, and groups. If you are willing to perform a new installation, this would be an excellent opportunity to clean up some of the problems in the existing configuration, since you'll be forced to start from scratch.

There are some special considerations for upgrading Windows NT 4.0 Server computers.

Upgrading Windows NT 4.0 Domain Controllers

In Windows NT 4.0, domains used a very different architecture from that of the Active Directory (the domain model supported by both Windows 2000 Server and Windows Server 2003). We'll cover some information about the Active Directory later in this chapter. For now, however, let's look at some important information about upgrading from Windows NT 4.0 Server computers.


Windows NT 4.0 Server computers can assume one of several roles:

Primary Domain Controller (PDC)

Windows NT 4.0 domains use a single master architecture, and the PDC is the only domain controller on which security-related changes can be made. There must be exactly one PDC per Windows NT 4.0 domain.

Backup Domain Controller (BDC)

Every Windows NT 4.0 domain can contain zero or more BDCs. These servers are domain controllers that store copies of the domain security database. BDCs are used to authenticate users and to perform other security-related functions.

Member Server

A Windows NT 4.0 Server computer can be configured as a member of a domain. Member servers belong to a domain but do not contain any domain security information.

Stand-Alone (Workgroup) Server

When Windows NT 4.0 is configured to work in a stand-alone configuration, it does not participate in a domain at all. Instead, the server contains its own security database that must be administered separately from the security on other machines.

The role that a Windows NT 4.0 Server will play in a domain environment must be determined when the server is installed. Once the operating system is installed, a server cannot be promoted to a domain controller (or cease to be a domain controller if it was installed as one originally) without reinstalling the operating system from scratch.

A complete upgrade strategy will include a determination of which types of servers will be upgraded first and how the domain will be migrated to the Active Directory. For example, you might choose to upgrade your domain controllers first. Or, you could choose to upgrade particular member servers before the domain itself is upgraded. The task of migrating a domain from Windows NT 4.0 to the Active Directory can be a considerable undertaking for all but the smallest environments. Be sure to allocate plenty of time for planning the migration.

The details related to upgrading a Windows NT 4.0 domain to an Active Directory environment are beyond the scope of this book. However, you should know that there are special considerations when you plan to upgrade Windows NT 4.0 domain environments to the Active Directory. For more information, see the Windows Server 2003 Help and Support Center.


Multiboot Configurations
In some cases, you might want to install multiple operating systems on a single physical computer. It is possible to install Windows Server 2003 and another operating system on the same computer. This is often done on test computers (to support, for example, software developers who must ensure that their products work on a variety of systems), and in training labs.

The best way to support multiple operating systems on one machine is to configure multiple disk partitions, one for each of the operating systems you plan to install. If you are installing an MS-DOS-based version of Windows (such as Windows 95, Windows 98, or Windows ME), you should start by installing that operating system first. Then, you should install Windows Server 2003. The setup process should be able to detect the other operating system installation and will add it as an option on the boot menu. It's also important to note that MS-DOS-based versions of Windows support only the FAT and FAT32 file systems and that they will be unable to read information stored on NTFS partitions.

Note that other operating systems, such as Linux, will require special types of disk partitions and may modify the boot process. For more information on multiple boot configurations with these systems, see the documentation that comes with the software.

Choosing a Licensing Mode


Microsoft requires that users of its server operating systems purchase sufficient Client Access Licenses (CALs) for the number of users or devices the server will be supporting. During the setup process, you'll be prompted to choose which licensing mode you want to implement for your server. The two options are:

Per Server

This method allows you to configure CALs for the local server, and it will limit the number of concurrent connections that are supported on the computer.

Per Device or Per User

In this method, you will need to purchase licenses for each of the users or devices that will be accessing any Windows Server 2003 installation.

Figure 1-3 shows the options that you'll see during the setup process. If you are unsure about which licensing mode you will use, it's best to choose Per Server, as you can later switch this to the other mode. Note, however, that the opposite conversion is not allowed. For more details about choosing licensing methods, see Chapter 7. Also, note that even if you have Windows 2000 Server (or earlier) CALs, you must upgrade to Windows Server 2003 CALs.

FIGURE 1-3

Choosing a licensing mode during setup

Choosing Network Settings


Windows Server 2003 is designed as a network operating system, and most implementations of the product will involve its use on a LAN. When you install Windows Server 2003, you'll be prompted to specify network configuration options (see Figure 1-4). You have two main options:

Typical Settings

This is the default option that you'll be presented with. When you select this option, setup will attempt to get network information from a DHCP server, if one is available. If a DHCP server cannot be contacted, then the network configuration settings will be automatically assigned in accordance with the algorithm used by the setup process. Generally, systems administrators will want their server computers to keep the same IP address. This can be accomplished through the use of DHCP (using address reservations), or by choosing the Custom Settings option.

Custom Settings

If you know how you want to configure various network settings, you can choose to manually provide them during setup. You'll need to know which protocol(s) you want to install, along with configuration settings (such as an IP address, a default gateway, and information about name resolution servers).

If you're in doubt about these settings, it's best to just choose the Typical Settings option. Even if this isn't the correct choice, you can easily make changes after setup is complete. Note, however, that you may not be able to access any other computers on the network until you fix the network configuration.

Joining a Domain vs. a Workgroup


Networked Windows Server 2003 computers can participate in a workgroup or a domain. A workgroup is simply a collection of computers that define themselves to belong to a single logical grouping. Each computer within a workgroup maintains its own security database and other settings.

FIGURE 1-4

Choosing network settings during Windows Server 2003 setup

A domain works as a single, centralized security database that stores information about user accounts, computer accounts, and other resources that are available on the network. Windows Server 2003 can function as a member of a domain, if you have one in your environment (see Figure 1-5). In order to add a computer to the domain, you must have already created an account for the computer, or you must be able to provide authentication information for a user that has permissions to add a user to the domain.

A Windows Server 2003 computer can participate as a member of a Windows NT 4.0 domain or as a member of an Active Directory domain. If you want to make your computer a domain controller for an Active Directory domain, you'll be able to do this after the setup process completes (we'll cover the details later in this chapter).

Like several other options that you'll specify during setup, the choice of whether to join a workgroup or a domain is not a critical one, as it can easily be changed after setup completes. If you're in doubt, just install the server as a workgroup server.

FIGURE 1-5

Choosing whether to join a workgroup or a domain

Choosing a File System and Disk Partition Settings


When you're installing Windows Server 2003, you'll need to choose how you want to configure physical hard disks on your server. The simplest configuration will consist of only a single partition that will store the boot files, the operating system, applications, and all data (shown next). In order to simplify some systems administration operations, however, you might want to configure multiple partitions. For example, you might choose one partition to store the operating system files and program files, another to store user data, and another for special applications such as Microsoft's SQL Server or Exchange Server product.

Choose your partition arrangement carefully. Unfortunately, there is no easy way to change the size and location of the operating system and program files partitions. Although third-party utilities are available for performing some tasks, they often require downtime and additional effort. Therefore, you should take the time up front to ensure that the partitions you create are large enough to accommodate growth.

In addition to determining the disk partitioning options, you'll need to specify the file system to use for each partition (shown next). The default (and recommended) file system supported by Windows Server 2003 is NTFS. NTFS provides increased performance, efficient usage of disk space, and file system security options. Since it has so many advantages, you generally will want to choose NTFS as your file system.

You have the option of installing Windows Server 2003 to a FAT or FAT32 partition; however, FAT and FAT32 file system choices are included mainly to support older operating systems on the same machine in a multiboot configuration. We'll cover the details of working with these different file systems in Chapter 5.

A good rule of thumb is to use NTFS wherever you can, and FAT/FAT32 wherever you must! That is, choose FAT/FAT32 only if it's necessary to support a specific configuration. This is generally required only if you want to support a multiboot system.

Starting the Windows Server 2003 Setup Process

So far, you've looked at a lot of different information that's required before you begin the setup process. Once you have made these decisions, the good news is that the setup process is fairly quick and easy to perform.

If you are planning to upgrade an existing installation of the Windows operating system, you should boot into that operating system and simply insert the Windows Server 2003 CD-ROM. This will launch a setup menu that allows you to choose from among various options. From here, you should just follow the prompts that walk you through the installation process. Once a basic system check is performed, you'll be given the option to specify whether you want to perform a new installation or (if it's supported) to perform an upgrade. Once the necessary setup files are copied to your local file system, you will need to reboot the computer to begin the text-mode portion of the setup process.

The other way to install Windows Server 2003 is to start the setup process directly from the installation media. This is the best method available if you are installing the operating system on a new computer. Note that you may need to configure the computer's BIOS to include the CD-ROM as a boot option (consult your hardware documentation if you need to know how to do this). Since the Windows Server 2003 CD-ROM is bootable, this will automatically start the text-mode portion of the setup process. Regardless of which way you originally launch the setup process, you'll be shown the first screen of the text mode of setup (shown next). Here, you'll be able to choose from various options (all of which were described earlier in this section) for how to configure the operating system.

Next, let's take a look at some ways in which you can troubleshoot setup problems.

Troubleshooting the Setup Process


In general, problems during the setup process are fairly rare with Windows Server 2003. The most common problems that will occur are due to hardware configuration or hardware incompatibility. Hopefully, you can avoid these by performing compatibility checks before the setup process. However, when problems do occur, it's important to be able to troubleshoot the setup process. In this section, you'll see several ways in which you can troubleshoot the installation.

Troubleshooting Setup Failures


If you run into problems that prevent the setup process from successfully completing, there are some steps that you can take. In some cases, the best thing to do might be nothing at all. That is, the Windows Server 2003 setup process has been designed to be fault-tolerant. If a critical error occurs, setup will restart from where it left off (actually, just past the point where it left off to avoid creating the same problem again). Therefore, you should just reboot the computer and try to continue the setup process.

If the setup process fails during the hardware detection phase, then the problem is likely to be related to a hardware incompatibility. If that's the case, you'll probably need to use another computer to see if it's a known issue. Another useful option is to search the Microsoft Knowledge Base (available at http://support.microsoft.com) for specific articles that document the problem you're having.

Checking the Event Logs


After the Windows Server 2003 setup process has completed, it's still possible that some errors or problems occurred. It's always a good idea to check the System event log to find any problems that may have occurred. You can do this by clicking the Event Viewer item in the Administrative Tools program group. Specifically, you should search for any warnings or errors that might indicate problems. For more information about viewing the event logs using Event Viewer, see Chapter 8.

Postinstallation Steps
Generally, once you've installed the Windows Server 2003 operating system, your job is just beginning. Before you can place the server in use, you'll need to perform various tasks in order to configure the server to meet the needs of your environment. As Windows Server 2003 includes many different types of functionality, the product can work in many different roles. Primarily for reasons of security, Microsoft has made a conscious decision to disable all but the most critical components of the Windows Server 2003 operating system, by default. This ensures that systems administrators will enable only the tasks that are required for a specific machine, and will reduce the chances that unneeded services and features will cause security or reliability problems.

Fortunately, Microsoft has included several tools that can help you enable and configure the many different features in Windows Server 2003. In this section, you'll take a high-level look at some of these methods.

Using the Configure Your Server Wizard


As mentioned earlier, one of the changes that Microsoft has included in Windows Server 2003 is that the operating system runs only a minimal set of services and features after the installation process is complete. Therefore, it's up to systems administrators to determine which features they want to enable and implement. Fortunately, the Configure Your Server Wizard has been designed to provide the basic steps that are required in order to set up Windows Server 2003 to perform various common tasks.

Accessing the Configure Your Server Wizard is fairly easy. When you first log in to Windows Server 2003, after installation, you'll be presented with this wizard. You can also launch this wizard by clicking Start | Programs | Administrative Tools | Configure Your Server. The following illustration shows the various options that are available after you click Next to begin using the wizard.

The list of server roles includes the following:


File Server
Print Server
Application Server (IIS, ASP.NET)
Mail Server (POP3, SMTP)
Terminal Server
Remote Access / VPN Server
Domain Controller (Active Directory)
DNS Server
DHCP Server
Streaming Media Server
WINS Server

Note that these are the options that are available within the Enterprise Edition of Windows Server 2003; other editions may not have all of these features available for use. Selecting a role to enable couldn't be much simpler: you will basically highlight one of the available options and then click Next. If the role has already been configured, you'll be prompted for any details that might be required to remove this role. If the role has not yet been configured, you'll need to provide any required information in order to set up that role, as shown here:

You'll see the Configure Your Server Wizard in action throughout the remaining chapters of this book. For now, however, you should keep in mind that this wizard should be your first step when you want to implement new functionality.

Using the Manage Your Server Wizard


Configuring a new server role is generally just the first step in making that role ready for your users to access. Generally, further configuration is necessary. For example, if you choose to configure a file server, you must still select which files should be shared, and who should have access to those files. Or if you're setting up a new application server, you'll need to configure specific sites and services. You'll look at the technical details related to most of these server roles in later chapters.

All of the features of the Windows Server 2003 operating system can be configured using the standard administrative tools that are included with the server. However, the new Manage Your Server Wizard is designed to provide a single central place from which you can launch the most common administrative tools and options. This Manage Your Server Wizard is automatically launched after you add a new role using the Configure Your Server Wizard. You can also launch the tool by choosing Start | Programs | Administrative Tools | Manage Your Server. The following illustration shows the main screen of this wizard.

A section for each of the configured server roles on the local machine is displayed. Within each section, you'll see hyperlinks for performing common operations. For example, if you're configuring a print server, you'll see options for adding a printer, adding a printer driver, and opening the Printers and Faxes administrative tool. Some of these links will launch an administrative tool (such as the Active Directory Users and Computers MMC console), and others will launch wizards or help information that can walk you through common setup processes, as shown here:

Installing the Windows Server 2003 Support Tools


In addition to all of the files, tools, and utilities that are installed with Windows Server 2003, Microsoft has made the Windows Support Tools available for systems administrators. This set of tools is included on the standard Windows Server 2003 setup CD-ROM, and it's located within the \Support\Tools\ folder. To install the tools, simply double-click on the SupTools.msi file from within a current Windows operating system. This will launch the Windows Support Tools Setup Wizard. When prompted for the installation type, choose Complete to ensure that the deployment tools are installed. When the installation is complete, you'll have a new Windows Support Tools program group in your Start menu. In addition to providing the tools that you'll use in the following sections of this chapter, the Support Tools include several command-line utilities. Table 1-2 provides some examples of a few of the utilities, along with their purposes.

Microsoft has been known to make references to Support Tools (and even unsupported utilities) on exams. Although it's probably not worthwhile memorizing the exact syntax of the many commands available, having a good general knowledge of what's available might be helpful as you prepare for the exam. These tools can also be excellent time-savers in the real world!


TABLE 1-6

Examples of Windows Server 2003 Support Tools, and Their Purposes

| Tool Name | Command | Purpose | Notes |
| --- | --- | --- | --- |
| ACL Diagnostics | Acldiag.exe | Provides information about the access control list (ACL) on various objects | Useful for calculating effective permissions on an object and for troubleshooting security problems |
| Directory Usage | Diruse.exe | Provides a breakdown of the amount of storage space used by specific directories | This tool is very useful for determining how much space specific users or applications are using on a file server |
| Disk Manager Diagnostics | Dmdiag.exe | Displays information about the configuration of disks and other storage devices | |
| DHCP Server Locator Utility | Dhcploc.exe | Finds active DHCP servers | Useful for troubleshooting DHCP address assignment problems |
| File Version | Filever.exe | Displays details about the exact version of a file | Can be useful in troubleshooting application installation and compatibility issues |
| Get Security ID | GetSID.exe | Gets the Security Identifier (SID) for an operating system object such as a file or folder | Can be useful for troubleshooting security issues |
| Pool Byte Monitor | Poolmon.exe | Displays detailed statistics related to memory usage on the local machine | |
| Process and Thread Status | Pstat.exe | Displays detailed information about processes and threads that are running on the local machine | This detailed information can sometimes be useful for detailed crash analysis |
| XCacls | Xcacls.exe | Command-line utility for changing the permissions on file system objects | Useful for scripting and automating the application of permissions; also useful when moving files or folders to different volumes |


For more information about these tools (including a complete list of commands and their syntax), be sure to check out the online help that is installed with the Support Tools (shown in Figure 1-6).

Using the Help & Support Center


Many online help systems are notorious for being difficult to use and not detailed enough to be truly useful. If you're like me, you get annoyed by help files that state only something like "To convert the file system, click Convert." Almost anyone can figure that out, and without further details about choosing a file system and how the conversion process works, this information is really a waste of time. As a result, many users and systems administrators will resort to using online help only when all other efforts (including random trial and error) fail. Fortunately, the Windows Help and Support Center (HSC) is far superior to most types of online help, and it can be an invaluable resource!

FIGURE 1-7

Viewing the Online Help for the Windows Server 2003 Support Tools

To access the HSC, simply choose Start | Help and Support. You'll see the introduction screen shown in Figure 1-7. As you can see, this help system provides primary topics for many of the most important tasks that systems administrators need to perform. When you perform a search for a specific topic, this new Windows Help tool will not only search its internal database for information, but it will also automatically search the Microsoft Knowledge Base for articles related to your search. This ensures that you'll have easy access to the latest information about a specific problem. That is, there's no more need to search multiple resources just to get the answers that you're looking for!

FIGURE 1-8

Accessing the Windows Help and Support Center

In various portions of this book, I'll direct you to consult the HSC if you need more information about a specific topic. Generally, I'll do this when something isn't necessarily included in the scope of Microsoft's 70-290 exam, but it's valuable to learn about, anyway. You should do the same: if you run into a problem or just want some more in-depth information about a topic, be sure to consult Windows Server 2003's help system.

Now that you have a good idea of some of the ways in which you can start to configure Windows Server 2003 after the operating system is installed, let's move on to looking at one important server role in particular.

CERTIFICATION OBJECTIVE 1.03

Understanding Active Directory


When Microsoft released its Windows 2000 Server operating system platform, one of the most important features was its support for the Active Directory. This new domain model allowed greater scalability, reliability, and manageability than the model that it replaced. Windows Server 2003 adds some important enhancements to the Active Directory, but the overall architecture is largely unchanged. In this section, you'll look at some basic information related to how the Active Directory works.

The Purpose of the Active Directory


Before you start looking at the details of how the Active Directory works, let's first take a look at why the Active Directory is needed in the first place. The Active Directory is intended to serve as a replacement for the domain model that was supported in server-side editions of Windows NT 4.0 and earlier Microsoft server operating systems. A fundamental purpose for modern server-based operating systems is to provide a unified, central storage point for important organizational information. The generic term for this functionality is "directory services." Almost all organizations will have valuable network resources located throughout their environment. IT staff are generally responsible for making these resources available to the users that need them in an efficient and easy-to-use manner.

A network directory can contain information about objects, such as users, computers, groups, and contact information. Many directory service systems provide methods for logically organizing these objects, in a way that reflects an organization's structure. The goal of a directory services mechanism is to provide for simplified, efficient systems administration, while still providing strong administrative capabilities that ensure security and reliability. That might seem like a tall order, but it's something that many of us take for granted in the modern networking world.

Prior to the introduction of the Active Directory, Microsoft's directory services architecture was based on a flat domain model. Although users and resources in one domain could be given permissions in other domains, there was no clearly defined domain organization. There were several major limitations to this domain model. First, the limit on the size of domains had very real practical consequences. The number of objects (such as users and groups) would have to remain fairly small in order for replication to occur efficiently. Furthermore, domains were not related to each other in a hierarchical fashion. Instead of creating a logical domain structure that maps to a company's organizational needs, systems administrators had to create multiple, independent domains. Resources could be shared between domains through the use of trusts, but this method could quickly get out of hand as the number of domains grew. For example, many organizations would have literally hundreds of Windows NT 4.0 domain trusts. All of this led to fairly complex systems administration, especially for medium- to larger-sized organizations that supported many thousands of users.

If you're planning to migrate from Windows NT 4.0 (or earlier) domains to Active Directory domains, it's important to take the time to fully plan for and design your new domain environment. Only by ensuring that you fully understand the business and technical needs of your organization can you ensure that your new Active Directory structure will meet your needs.

As you may have already guessed, the Active Directory was introduced to provide a way to get around many of these problems. Let's look at the logical and physical structures of the Active Directory in more depth.

The Logical Structure of the Active Directory


The Active Directory is based on a structure of domains. Domains can be created and configured in a hierarchical fashion, reflecting the business and technical needs of an organization. In this section, we'll give a brief overview of how Active Directory domains work, along with some features that can help systems administrators manage environments with many different types of requirements.

The information presented in this section is being provided only as an overview. For more information about the various Active Directory features mentioned in this section, see the Windows Server 2003 Help and Support Center. Also, you can find more information about implementing and managing the Active Directory in MCSE Windows Server 2003 Active Directory Infrastructure Exam 70-294 (Osborne / McGraw-Hill, 2003).

Understanding Domain Structure

In the simplest Active Directory configuration, a single domain can exist by itself. For example, you might create a domain called ACMETools.com to support all of the users within your business. For various reasons (including security and administrative goals), you might also want to configure additional Active Directory domains within the environment. For example, you might choose to create domains named US.ACMETools.com and Corporate.US.ACMETools.com. Figure 1-15 shows an example of a hierarchical arrangement of Active Directory domains.

Active Directory domains can be configured in a variety of arrangements that are called trees and forests. A tree is an arrangement of Active Directory domains that share a contiguous namespace. For example, the following domains would all be part of a single Active Directory tree:

Sales.NetworkProducts.com
Consulting.NetworkProducts.com
US.Sales.NetworkProducts.com

Note that all of these domain names are part of the NetworkProducts.com domain. In some cases, you will want to create associations between noncontiguous domains within the same environment. That's where Active Directory forests come in. Each forest has its own, independent domain namespace. These domains are in separate forests:

Company1.com
Company2.com
MyOrganization.org


FIGURE 1-9

An example of an Active Directory domain environment

Figure 1-9 provides another example of the various arrangements that are possible using Active Directory domains, trees, and forests.
FIGURE 1-10

An example of Active Directory trees and forests
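
The tree definition given above (domains that share a contiguous namespace), worked through as an added example that is not part of the book: this Python sketch groups the domain names used in this section into trees and finds each domain's parent by comparing whole DNS labels, so a look-alike name such as the constructed BadNetworkProducts.com is not mistaken for a child of NetworkProducts.com. The function names are assumptions of the example; which trees are joined into one forest is a deployment decision that cannot be read from names, so the code does not attempt it.

```python
from collections import defaultdict

# Domain names taken from the examples in this section.
SAMPLE_DOMAINS = [
    "NetworkProducts.com",
    "Sales.NetworkProducts.com",
    "Consulting.NetworkProducts.com",
    "US.Sales.NetworkProducts.com",
    "ACMETools.com",
    "US.ACMETools.com",
    "Corporate.US.ACMETools.com",
    "Company1.com",
    "Company2.com",
    "MyOrganization.org",
]


def normalize(name):
    """Lower-case a DNS name, drop one trailing dot, reject empty labels."""
    cleaned = name.strip().lower()
    if cleaned.endswith("."):
        cleaned = cleaned[:-1]
    if not cleaned or "" in cleaned.split("."):
        raise ValueError("malformed domain name: %r" % name)
    return cleaned


def closest_parent(name, known):
    """Return the nearest ancestor of `name` that is a known domain, or None.

    Labels are removed from the left one at a time, so the comparison is
    always on label boundaries and never on a raw string suffix.
    """
    labels = name.split(".")
    for i in range(1, len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in known:
            return candidate
    return None


def build_trees(domains):
    """Return (trees, parents).

    trees   maps each tree root to its member domains, shallowest first.
    parents maps each domain to its closest known parent (None for a root).
    """
    known = {normalize(d) for d in domains}
    parents = {d: closest_parent(d, known) for d in known}
    trees = defaultdict(list)
    for domain in known:
        root = domain
        while parents[root] is not None:  # climb until no known ancestor is left
            root = parents[root]
        trees[root].append(domain)
    ordered = {
        root: sorted(members, key=lambda m: (m.count("."), m))
        for root, members in trees.items()
    }
    return ordered, parents


def render(root, parents):
    """Return one tree as an indented outline (list of lines)."""
    children = defaultdict(list)
    for child, parent in parents.items():
        if parent is not None:
            children[parent].append(child)
    lines = []

    def walk(node, depth):
        lines.append("  " * depth + node)
        for child in sorted(children[node]):
            walk(child, depth + 1)

    walk(root, 0)
    return lines


if __name__ == "__main__":
    trees, parents = build_trees(SAMPLE_DOMAINS)
    for root in sorted(trees):
        print("\n".join(render(root, parents)))
```
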


Understanding Organizational Units


Systems administrators can create logical hierarchies within a domain through the use of Organizational Units (OUs). OUs are Active Directory objects that serve as containers for other objects. For example, you might create separate OUs named Sales, Marketing, and Engineering within your organization's domain. You can then place other Active Directory objects (such as users, computers, and groups) within OUs. Figure 1-10 shows an example of an OU structure within a single Active Directory domain. The benefit of using OUs is that they allow systems administrators to easily organize and manage Active Directory objects. Once a domain has been created, systems administrators can use the Active Directory Users and Computers tool to manage OUs and the objects that are contained within them. The following illustration shows an example.

Now that you have a high-level view of the logical organization of the Active Directory, let's move on to looking at the physical components of the Active Directory.

The Physical Structure of the Active Directory


One of the major benefits of the Active Directory is its ability to adapt to the business and systems administration needs of an organization. You saw how hierarchical domain arrangements and OU structures can be used to add organization. Another important

Understanding Active Directory

37

FIGURE 1-11

An example of an OU structure

aspect of configuring and maintaining directory services is to adapt to the physical structure of a network environment. This refers to concerns such as network bandwidth limitations and network design considerations. In short, the Active Directory must be able to accommodate an organizations technical limitations. In this section, youll look at how the Active Directory does this.

Domain Controllers and the Active Directory


With respect to domains, a Windows Server 2003 computer can assume one of three roles:

Stand-alone server

In this configuration, a Windows Server 2003 computer is configured to function as a member of a workgroup. All computers that are configured as stand-alone servers contain their own security database. They do not participate with the Active Directory in any way. This option is sometimes used for publicly accessible servers (such as an organization's Internet web server), and for single-task situations in which participation in an organization's directory services environment is not necessary or desired.

Member server

A member server is a Windows Server 2003 computer that has joined a domain but does not contain a copy of the domain security database. In this role, the server will be accessible by members of the domain (assuming that they have the appropriate permissions), but changes to domain objects cannot be made on these computers. Member servers typically function as file/print servers, web servers, database servers, or e-mail servers.

Domain controller

A domain controller is a part of the Active Directory infrastructure, and it contains a copy of the Active Directory database. Let's look at this role in more detail.

An Active Directory domain is hosted by one or more domain controllers. A domain controller is a Windows Server 2003 computer that is configured to host a copy of the Active Directory database and to participate in other Active Directory functions. Systems administrators create objects such as users and groups within an Active Directory domain. Whenever users attempt to log on to a domain, a domain controller is responsible for performing the authentication process.

Multiple domain controllers can exist in a single domain, and it is recommended that at least two domain controllers exist in every domain. This is because each domain controller contains a copy of the Active Directory database. In the event of the failure of one of these domain controllers, the remaining domain controllers will still be able to carry on the necessary functions for the domain. Later in this section, you'll see how a Windows Server 2003 computer can become a domain controller.

Sites and Site Links


One important concern for systems and network administrators is managing the replication traffic between domain controllers. Every time a change is made on a domain controller (for example, when a new user object is created or group membership is modified), this change must be replicated to other domain controllers in the environment. In many organizations, the amount of traffic that these actions generate can be considerable. That's where the concept of Active Directory sites comes in.

Sites are designed to allow systems administrators to define and control how replication traffic occurs in their environment. Sites correspond to locations that are generally well connected (usually by a local area network [LAN] that has links of at least 10 Mbps). Each site is defined by one or more subnet objects, each a range of network Internet Protocol (IP) addresses that defines the network. For example, an organization that has a central Corporate office and three remote branch locations could configure a total of four sites (one for each location). Domain controllers in each site would be placed within these. The Active Directory's replication engine can automatically determine how and when to connect to the various sites. Additionally, site information can be used to determine to which domain controller clients will log on. Figure 1-11 provides an example of a site organization.

Administrators can use the Active Directory Sites and Services tool to manage sites. Once sites have been configured, there are further options, such as site links, that can further control how and when replication occurs. For example, in environments that have very busy wide area network (WAN) connections, sites can be configured to communicate replication data only during nonbusiness hours.

It is important to keep in mind that site structure is completely independent of domain structure. That is, a single domain can span many sites, and a single site can have multiple domains. Put another way, sites correspond to the physical design of your network environment, and domains relate to its logical design.
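
How subnet objects tie a client to a site, as an added example that is not from the book: the Python below maps client IP addresses to sites, letting the most specific subnet win, and lists addresses that fall in no defined subnet. The site names, address ranges, and function names are constructed for the illustration.

```python
import ipaddress

# Constructed layout (not from the book): a central office and three branches.
SITE_SUBNETS = {
    "Corporate": ["10.0.0.0/16"],
    "Branch-East": ["10.1.0.0/24", "10.1.1.0/24"],
    "Branch-West": ["10.2.0.0/24"],
    "Branch-North": ["10.0.50.0/24"],  # carved out of the Corporate range
}

# Constructed client addresses; the last one lies outside every subnet.
SAMPLE_CLIENTS = ["10.0.3.9", "10.0.50.7", "10.1.1.20", "172.16.4.4"]


def build_subnet_index(site_subnets):
    """Flatten {site: [cidr, ...]} into [(network, site)], most specific first.

    A subnet object belongs to exactly one site, so a range listed under two
    sites is rejected. strict=True also rejects a CIDR with host bits set.
    """
    seen = {}
    for site, cidrs in site_subnets.items():
        for cidr in cidrs:
            net = ipaddress.ip_network(cidr, strict=True)
            if net in seen:
                raise ValueError(f"{net} assigned to both {seen[net]} and {site}")
            seen[net] = site
    return sorted(seen.items(), key=lambda item: item[0].prefixlen, reverse=True)


def find_site(address, index):
    """Return the site whose most specific subnet contains `address`, or None."""
    ip = ipaddress.ip_address(address)
    for net, site in index:
        if ip.version == net.version and ip in net:
            return site
    return None


def audit_clients(addresses, index):
    """Split addresses into {site: [addresses]} and a list that match no site."""
    by_site, unmapped = {}, []
    for address in addresses:
        site = find_site(address, index)
        if site is None:
            unmapped.append(address)
        else:
            by_site.setdefault(site, []).append(address)
    return by_site, unmapped


if __name__ == "__main__":
    sites, orphans = audit_clients(SAMPLE_CLIENTS, build_subnet_index(SITE_SUBNETS))
    print(sites)
    print("no site:", orphans)
```

Addresses in the unmapped list point to subnet objects that still need to be defined, since site information cannot steer those clients to a domain controller in their own location.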

FIGURE 1-12: How Active Directory sites can be used to manage replication traffic within a domain

Implementing the Domain Controller Server Role

Now that you've looked at a lot of the background information that is related to the Active Directory, it's time to see how you can set up a new domain environment using Windows Server 2003. This is done by promoting a Windows Server 2003 computer to a domain controller by configuring the Domain Controller (Active Directory) server role. The Active Directory Installation Wizard is the tool that will walk you through that process. In this section, we'll take a high-level look at some of the important options that are related to creating a new domain.

There are two ways in which you can launch the Active Directory Installation Wizard. The first is through the Configure Your Server administrative tool. Simply select the Domain Controller (Active Directory) server role to continue. The other method is to choose Start | Run and then type the dcpromo command. Both methods will start the Active Directory Installation Wizard. To begin the process of promoting the domain controller, click Next.

In order to learn about the domain controller promotion process, let's walk through the various steps of the wizard. You should note that, depending on the configuration of your Windows Server 2003 computer and the choices that you make during this process, you will encounter different steps and options within the wizard. The following steps assume that you are setting up the first Active Directory domain in a new network environment. The steps are:

Operating System Compatibility

On this step of the wizard, you're provided with an important warning. Unlike the default authentication system supported by Windows 2000 Server, Windows Server 2003 domain controllers use an updated, more secure method for communicating between client computers and servers. As the message states, computers that are running Windows 95 or Windows NT 4.0 with SP3 or earlier will be unable to log on to a Windows Server 2003 domain controller. This is an important consideration if you're supporting a mixed environment that includes earlier versions of Windows.

Domain Controller Type

The first decision that you'll need to make when promoting a server is to specify whether you want to create a new domain or you want the new domain controller to be part of an existing domain. In general, you will want to have at least two domain controllers for each domain in your environment (although there are many reasons to have more). Note the warning regarding adding a domain controller to an existing domain. You must take special care to ensure that you do not have any encrypted files, since these files will no longer be accessible after the promotion process is complete. For the sake of this walkthrough, I will assume that you're setting up a domain controller for a new domain.

Create New Domain

In this step, you'll be able to specify at which level in an Active Directory environment you want to create a new domain. The first option is to create a new forest. This is the only option that you can choose if you do not currently have any Active Directory domains in your environment. The next option is to create a child domain in an existing tree. This will allow you to create a domain such as marketing.MyCompany.com below your MyCompany.com domain. The third option is to create a new domain tree in an existing forest. This will create a new top-level Active Directory domain that is not a child of any current domain. Since you are setting up the first domain in a new environment, choose the first option and then click Next.


New Domain Name

On this step, you'll need to specify the fully qualified name of the domain that you wish to create. The name generally consists of multiple parts and may be the same as a DNS domain name used for an organization. For example, you might specify that the new domain should be called Corporate.MyCompany.com. Note that the name that you provide is case-insensitive, but it is case-preserving. Therefore, using mixed case can improve readability (especially in very long domain names).


NetBIOS Domain Name

Versions of the Windows operating system (both clients and servers) that were released before the Active Directory will be unable to refer to the domain name that you specified in the preceding step. On this step, you must provide a NetBIOS-compatible name by which the domain will be referred. This name can be up to 15 characters in length and may not contain any special characters other than an underscore.

Database and Log Folders

On this step, you'll need to specify the file system location of the actual Active Directory database and the log file. By default, both paths will be specified as the NTDS subfolder of the folder into which Windows Server 2003 was installed. As specified in the note, you can improve performance by storing the database and log files on separate physical hard disks. The performance improvement comes from the fact that data can be written to the Active Directory database and the Active Directory log file at the same time.

Shared System Volume

Here, you will need to specify the location of the SYSVOL folder. This folder is used for replicating information between domain controllers. The path that you specify must reside on a local NTFS file system. By default, the path is specified as a subfolder named SYSVOL within the Windows Server 2003 operating system folder.

DNS Registration Diagnostics

The Active Directory is dependent upon the Domain Name System (DNS) network standard in order to resolve names and communicate with other computers. On this step of the Active Directory Installation Wizard, an automatic analysis of the current DNS configuration will be performed. If a valid DNS server has been found (either on the local server or within the network environment) and it is properly configured, you will be able to continue. Otherwise, you will receive a message similar to the one shown in the illustration.

Here you will have several options. First, you can choose to correct the problem manually (perhaps by setting up another DNS server) and then choose to rerun the diagnostics. Or, you can choose to have the Active Directory Installation Wizard perform the necessary DNS configuration by setting up the local computer as a DNS server. This is the best option if you are setting up a new Active Directory environment, since it performs the DNS configuration (which can sometimes be fairly complicated) automatically. The final option, which is listed as Advanced, specifies that the wizard should not correct the problem and that you wish to continue anyway. For the sake of this walkthrough, you'll select the second option and continue.

Permissions

Here, you'll need to specify the level of permissions that you want to implement within the new Active Directory domain that you're creating. The first option is to support pre-Windows Server 2000 operating systems (that is, the non-Active Directory domains supported in Windows NT 4.0 or earlier). Note that this option is less secure and should be chosen only if necessary. For example, some older hardware-based virtual private network (VPN) devices require the weaker permission in order to function properly. The other option, to use permissions compatible only with Active Directory domains, is more secure and should be chosen if possible.


Directory Services Restore Mode Administrator Password

Although the primary purpose of this server (after it is promoted) will be to function as an Active Directory domain controller, there may be times when you will need to boot the machine in Directory Services Restore Mode. For example, if the Active Directory database becomes corrupt, or you accidentally delete some required domain objects, you will need to perform a restore operation. In this special boot mode, the Active Directory will not be running. Therefore, you'll need to specify the Administrator account as the login credentials, along with the password that you specify here. Be sure that you record this password in a safe place, because it can be very important in an emergency.


Summary

Finally, you've arrived at the last step of the Active Directory Installation Wizard. In this step, you'll be able to review a text summary of the options that you've selected. Since the process of creating an Active Directory domain is an important one, you should take the time to review the information that's presented. You might even want to copy and paste the text into a file to keep a log of your selections. Once you have confirmed that the options are correct, you can click Next to begin the implementation of the Active Directory.


Once you have finished the Active Directory Installation Wizard, you will need to reboot your computer to start the services that will set up your new Active Directory domain. You can then use the Manage Your Server Wizard to determine which other steps you might need to take.

CHAPTER SUMMARY
In this chapter, you looked at a lot of basic information and concepts related to working with the Windows Server 2003 operating system. You began by looking at an overview of the new features in Windows Server 2003. There are many significant improvements in Microsoft's latest server-side operating system, and users of Windows 2000 Server (and, especially, earlier versions of Windows) will find worthwhile reasons to upgrade. Of course, on the server side, one size doesn't fit all. So, you then looked at the various editions of Windows Server 2003 and their capabilities.

Next, you looked at the process of installing the Windows Server 2003 operating system. Overall, the steps required to set up a basic server are very simple. However, it's important that you take the time to collect the required information and make some decisions before you begin the setup process. You also looked at some of the ways in which you can configure Windows Server 2003 after the operating system is installed.

Last (but certainly not least), you were given a high-level overview of Microsoft's Active Directory technology. Specifically, you looked at logical components (including domains and Organizational Units), and physical components (including domain controllers and sites). For most organizations, implementing the Active Directory will provide significant value. Armed with all of this information, you should be well prepared to begin covering the information that you'll need in order to prepare for Microsoft's 70-290 Exam.


TWO-MINUTE DRILL

Understand the Windows Server 2003 Platform

- Windows Server 2003 is available in four editions: Web Server, Standard, Enterprise, and Datacenter.
- Windows Server 2003 provides major enhancements in the areas of Active Directory, Group Policy Management, and Internet Information Services.

Install Windows Server 2003

- It's important to decide on the basic configuration of a new Windows Server 2003 computer before beginning the setup process.
- An upgrade installation of Windows Server 2003 allows you to retain your operating system configuration and settings, but this process can be performed only from specific operating system versions.
- A new installation of Windows Server 2003 installs the server using the default options and settings.
- After Windows Server 2003 is installed, you can use the Configure Your Server Wizard and Manage Your Server Wizard to enable and configure various server roles.

Understand the Active Directory

- The Active Directory provides a directory services infrastructure that can help organizations manage resources throughout the network.
- The logical structure of the Active Directory is based on a system of domains that can be arranged in trees and forests.
- Organizational Units (OUs) are used to provide hierarchical structure within domains.
- Through the use of domain controllers and sites, the Active Directory can be configured to work within the constraints of an organization's physical network design.
