Ch03 Network Operating System
CHAPTER THREE
Outline
3.1. Introduction to Network Operating System
3.2. Windows Network Concepts
3.2.1. Workgroups
3.2.2. Server Domain
3.2.3. Domain Controllers
3.2.4. LDAP & Windows Active Directory
3.2.5. User Administration Concepts & Mechanisms
3.2.5.1. Users and capabilities
3.2.5.2. Policy Tools & Roaming Profiles
3.2.5.3. The Registry
3.2.5.4. Automating Administrative Tasks - Windows Host Scripting
3.3. Resource Monitoring & Management
3.4. Online Server upgrade/update process
3.5. Administering Database Server (MySQL)
Introduction to Network Operating System
An operating system (OS) is software that manages
computer hardware and software resources and provides
common services for computer programs.
Operating systems form an essential component of the
system software in a computer system. Application
programs usually require an operating system to function.
Functions of OS
Resource management
Memory management
Device management: printer, hard drive, display, etc.
Process management
Processor management (CPU time)
Introduction to NOS….
Examples of popular modern operating systems include:
Android, BSD, iOS, Windows Phone, Linux, OS X, QNX, Microsoft Windows, and IBM z/OS.
All these examples, except Windows, Windows Phone and z/OS, share roots in UNIX.
Introduction to NOS….
A Network Operating System (NOS) is system software that runs on a server and
enables the server to control the computer systems and devices on a network and
allows them to communicate with each other.
The NOS performs functions for the network similar to those an operating system
performs for a single computer, such as memory and task management and coordination of
hardware.
For example, a NOS runs on a server and enables the server to manage data, users,
groups, security, applications, and other networking functions.
When network equipment (such as printers, plotters, and disk drives) is required, the
NOS makes sure that these resources are used correctly.
Linux (used on workstations), OS X (used on Apple Macs), UNIX (used on servers),
and Windows Server (used on workstations and servers) are common network
operating systems.
Introduction to NOS….
NOS can be used in:
Routers, switches and hardware firewalls
PCs in peer-to-peer networks
Client-server architectures
Network OS and General Operating System
Aspect | Network Operating System (NOS) | General Operating System (OS)
Primary Function | Designed specifically for network management and services. | Designed for general-purpose computing and user applications; supports a single user.
Network Management | Emphasizes network resources, such as file and print services, user access control, and directory services. | Focuses on managing computer hardware, file systems, and application execution.
User Interface | Often has a command-line interface and web-based administration tools for network configuration. | Provides graphical user interfaces (GUI) for user interaction.
Examples | Windows Server, Linux with Samba, Novell NetWare | Microsoft Windows (client editions), macOS, Linux (desktop editions)
Use Cases | Ideal for environments where centralized network services are critical, such as in enterprise networks. | Used on personal computers and workstations for a wide range of applications.
File and Print Services | Provides advanced file and print sharing services for network users. | Offers basic file and print services but may require additional server software for advanced functionality.
Resource Sharing | Supports efficient sharing of resources like files, printers, and user accounts across the network. | Resource sharing is primarily at the individual computer level rather than network-wide.
Networking Models
Computers on a network can be part of either a
Workgroup
Domain
Workgroup (Peer-to-Peer) Networking
One of the simplest ways to configure a network
All computers are equal
(Diagram: workstations John and SAM, each sharing a folder directly with the other.)
Note: By default, all Windows computers are placed in a workgroup named WORKGROUP
Server-Based (Domain) Networking
The domain controller (the server) controls the network.
Centralizes all shared resources on a central server, allowing everyone who has
been granted permission to access them.
Centralized administration and centralized authentication make it easier for
administrators to manage the network.
Requires at least one domain controller (DC).
The administrator performs all the tasks through the domain controller.
(Diagram: workstations authenticating to a single DC.)
Introduction to Active Directory
In the not-too-distant past, networks were workgroup-based.
Each workstation had its own security system, which consisted of user accounts,
group accounts, and network resources.
For each server, a user needed a separate logon ID.
Introduction to Active Directory (cont’d.)
If one wants to access resources from another computer, one has to have an
account on that computer.
The problem with this setting is, first, that it doesn’t scale well. If it is a
small network, administration may be an easy task.
Each time a new user requests a resource, you need to create an account; when
the network size increases, this becomes unmanageable.
Another problem is that when a user changes a password, you need to go to each
computer so that the change is applied on all computers in the network.
Introduction to Active Directory (cont’d.)
Group Discussion (5 min)
What are the disadvantages of a workgroup network?
For users, the end result in a workgroup environment was a convoluted and difficult
process of remembering the location of resources, remembering the correct logon ID,
and remembering the correct current password, all just to be able to access resources
on the network.
If a user needed to access files or printers residing on two or more servers,
administration became difficult.
A password change was not automatically applied on all computers; there was no syncing.
Introduction to Active Directory (cont’d.)
Network operating systems soon developed a variety of ways to use a single
logon ID (SSO) and password to access multiple servers.
The domain was introduced in Windows NT as a flat database that stores user
information.
Active Directory was introduced starting from Windows 2000 Server for centralized user
name and password management by Windows Server, as a database.
NB: SSO: the ability for a user to authenticate once to a single authentication authority and access other protected
resources without reauthenticating.
What is Active Directory?
Active Directory is a directory service which contains information about all user
accounts and shared resources on a network.
What is Active Directory (cont’d.)?
Resources are the components attached to the network and made available to
users. Examples of resources are:
A server’s hard drive
An IP address
A fax modem
A scanner
A printer
Any “thing” that can be used by a client workstation
What is Active Directory (cont’d.)?
For most services, there is an analogous resource, and for most resources,
there is an analogous service.
What is Active Directory (cont’d.)?
The final category in a directory is an account.
An account is usually a logon ID and associated password used for access to
the network.
Each resource, service, and account is stored as an object in the directory.
The information in the directory service manages how the services, resources,
and accounts relate to each other.
Each object in the directory service includes a set of properties, or attributes.
For example, a user account property might be the city in which the user resides, or a
DNS hostname would have a property for the IP address that host has been
assigned.
What is Active Directory (cont’d.)?
Has information about all the objects- Users, Computers, Resources like Printers,
Shared Files/Folders-in an organization's network.
Everything in the AD is treated as an object.
It is essentially a database which holds the objects.
The name of the database file is NTDS.DIT
What is an ACTIVE DIRECTORY? (cont’d.)
It is similar to a telephone directory.
It is software to arrange and store information and to provide access and
permissions based on that information.
What is an ACTIVE DIRECTORY? (cont’d.)
Arranges all the network’s users, computers and other OBJECTS into LOGICAL,
HIERARCHICAL groupings.
ACTIVE DIRECTORY information is used to authenticate and authorize the users,
computers and resources which are part of a network.
Auditing functionality.
A Domain Controller (DC) is a server that responds to security authentication
requests within a Windows Server domain.
• It is a server on a Microsoft Windows network that is responsible for
allowing host access to Windows domain resources.
Active Directory Services
Active Directory Domain Services
• Identity
• Access
• Centralized Management
Active Directory Federation Services
• Internal Accounts
• Authorization
• Network Access for External Resources
Active Directory Certificate Services
• Authentication
• Identity
• Non-Repudiation
Active Directory Lightweight Directory Services
Active Directory Rights Management Services
• Application Templates
• Content Security and Control
Active Directory Domain Services (AD DS)
Active Directory Services consist of multiple directory services.
The best known is Active Directory Domain Services, commonly abbreviated as AD
DS or simply AD.
Active Directory Domain Services (AD DS) is the cornerstone of every
Windows domain network.
It stores information about members of the domain, including devices and
users, verifies their credentials and defines their access rights.
The server running this service is called a domain controller (DC).
A domain controller is contacted when a user logs into a device or accesses
another device across the network.
Active Directory OBJECTS
Physical entities of a network
Can be described by a set of attributes
Object types:
DOMAIN
FOREST
ORGANIZATIONAL UNIT
USER
GROUP
CONTACT
COMPUTER
SHARED FOLDER
PRINTER
SITE
SUBNET
Active Directory OBJECTS
OBJECTS are explained by their ATTRIBUTES like
Name, Location, Department, etc.
CONTAINER Objects
For example: Forest, Tree, Domains, Organizational Units
LEAF Objects
For example: users, computers, printers, etc.
Active Directory OBJECTS (cont’d.)
SECURITY PRINCIPAL OBJECT: an object that can be authenticated and assigned
permissions.
Each object has a
GUID: 128-bit globally unique identifier
SID: security identifier, for each security principal object
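An added example (not from the slides) that decodes the binary form of a SID, as stored in a security principal's objectSid attribute, and splits it into the domain part and the relative identifier (RID). The sample SID bytes are constructed; the RIDs in the table are the standard well-known ones. It shows why two accounts from the same domain share everything but the last sub-authority, which is what an auditor keys on when matching security events to principals.

```python
import struct

# Constructed sample (values made up): the binary objectSid of a domain account.
# Layout: revision (1 byte), sub-authority count (1), identifier authority
# (6 bytes, big-endian), then count x 32-bit little-endian sub-authorities.
SAMPLE_SID = bytes([1, 5, 0, 0, 0, 0, 0, 5]) + struct.pack(
    "<5I", 21, 1234567890, 987654321, 192837465, 500)

# RIDs whose meaning is fixed in every domain (a subset of the well-known list).
WELL_KNOWN_RIDS = {500: "Administrator", 501: "Guest", 512: "Domain Admins",
                   513: "Domain Users", 519: "Enterprise Admins"}


def build_sid(authority, sub_authorities):
    """Encode an identifier authority and sub-authorities into the binary SID layout."""
    header = bytes([1, len(sub_authorities)]) + authority.to_bytes(6, "big")
    return header + struct.pack(f"<{len(sub_authorities)}I", *sub_authorities)


def parse_sid(blob):
    """Decode a binary SID into its S-1-... string and, for domain accounts,
    the domain SID prefix plus the relative identifier (RID)."""
    if len(blob) < 8:
        raise ValueError("SID too short")
    revision, count = blob[0], blob[1]
    if revision != 1:
        raise ValueError(f"unsupported SID revision {revision}")
    if len(blob) != 8 + 4 * count:
        raise ValueError("sub-authority count does not match blob length")
    authority = int.from_bytes(blob[2:8], "big")
    subs = list(struct.unpack(f"<{count}I", blob[8:]))
    info = {
        "sid": "-".join(["S", str(revision), str(authority)] + [str(s) for s in subs]),
        "authority": authority,
        "sub_authorities": subs,
        "domain_sid": None,   # S-1-5-21-<a>-<b>-<c>, shared by every principal in the domain
        "rid": None,          # last sub-authority, unique to the principal within its domain
        "well_known": None,
    }
    # Domain principals are issued by NT Authority (5) under the 21 sub-authority.
    if authority == 5 and count == 5 and subs[0] == 21:
        info["domain_sid"] = "S-1-5-21-" + "-".join(str(s) for s in subs[1:4])
        info["rid"] = subs[4]
        info["well_known"] = WELL_KNOWN_RIDS.get(subs[4])
    return info


def same_domain(a, b):
    """True when two parsed SIDs are domain SIDs issued by the same AD domain."""
    return a["domain_sid"] is not None and a["domain_sid"] == b["domain_sid"]


if __name__ == "__main__":
    admin = parse_sid(SAMPLE_SID)
    print(admin["sid"], "->", admin["domain_sid"], "RID", admin["rid"], admin["well_known"])
```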
Overview of the Active Directory Structure
Logical structure
Objects
Organizational Units (OUs)
Domain
Tree
Forest
Physical structure
Consists of sites and
servers configured as domain controllers.
Active Directory Domain
Logical grouping of objects
Administrative boundary for objects
No limit on the number of objects that can be contained in a domain
Objects need not be in the same physical location
Active Directory consists of one or more domains.
Domains are identified by their DNS name structure, and objects in a domain share the same
domain name space (e.g. [email protected], printer1@Microsoft.com, etc.)
Active Directory Domains (cont’d.)
➢ Domains function as containers for Active Directory objects.
➢ Each domain stores information only about the objects it contains,
and theoretically an Active Directory domain can contain up to 10 million objects (17
terabytes).
➢ The objects for a single domain are stored in a single database.
➢ A domain is defined as a logical group of network objects (users, computers, devices)
that share the same Active Directory database.
(Diagram: the domain Microsoft.COM drawn as a triangle, marked as a boundary of policies,
a boundary of authentication and a boundary of replication.)
Active Directory Domains (cont’d.)
➢ Because all Active Directory users log on to a domain, domains are boundaries of
authentication.
➢ Domain controllers are responsible for authenticating user and group passwords.
➢ Domains are also policy boundaries. Security policies that are defined in one domain
(for example, password length) are not extended to other domains.
➢ Within a domain, information about objects is replicated between all domain controllers
for additional security and redundancy.
➢ However, information is not replicated between domains. This means that domains are also
boundaries for data replication.
(Diagram: Microsoft.COM as a boundary of authentication, of policies and of replication.)
Active Directory Domains (cont’d.)
• Boundary of Administration and DNS Namespace
• The domain administrator has the right to set policies only within that domain.
So, domains are also boundaries of administration because privileges that are
granted in one domain do not extend to any other domain.
• A unique namespace.
• An Active Directory domain is identified by a unique DNS domain name.
Quiz (5%)
1. What is the difference between an NT domain and an Active Directory domain?
2. What is the difference between a container object and a leaf object in Active
Directory? Give two examples of each.
ORGANIZATIONAL UNIT(OU)
Containers that can be used to group objects
within a domain
Organizational units can appear only inside a
Domain
Can be used to denote a specific Department,
location, team, functions, etc.
OUs are unique inside a Domain
Objects that should be managed by the same
administrator can be grouped together, and
authority to manage the specific OU is
delegated to an appropriate user by the domain
administrator.
ORGANIZATIONAL UNIT (OU) (cont’d.)
Contains other objects like Users, Groups, Contacts, Computers, Printers,
Shared Folders, etc.
An OU can contain other OU(s).
Nested OUs have a parent-child relationship.
All OUs inside a domain are connected.
Group Policy settings can be set at the OU level.
Delegation of administrative control is possible at the OU level.
Child OU(s) inherit the properties of the parent OU.
ORGANIZATIONAL UNIT (OU) (cont’d.)
Organized for:
•Administration
•Same Requirements
•Delegation
•Group Policy
•Configuration
•Security
(Diagram: the domain Hu.edu.et containing the OUs Techno, Agri and main.)
Organizational Unit Applications
(Diagram: OUs organized by department (Sales, Marketing), by location (London, New
York) and by hardware devices (Desktops, Printers).)
Domain Tree
DOMAIN TREE: Parent Domain - Child Domain(s) tree structure, or
Nested Domains
Objects in different DOMAINS communicate through TRUSTS, which can be
Transitive, Non-Transitive, Two-Way and One-Way
Domain Trees (cont’d.)
➢ All domains in a domain tree share a contiguous namespace
➢ All domains in an Active Directory tree share schema, configuration and GC features
(Diagram: CONTOSO.COM and its child domain US.CONTOSO.COM sharing one Schema and one
Configuration.)
Configuration, Global Catalog, Schema
1. Configuration Container:
Single container applying to all domains in the Active Directory Tree.
Contains information about the Active Directory as a whole,
including what Domains exist,
what physical Sites are defined,
what Domain Controllers are running in what Domains and in what Sites,
what Services are available, and so forth.
Replicated to all Domain Controllers for replication topology and partner determination.
Configuration, Global Catalog, Schema
2. Global Catalog (GC) Server:
Each domain or DC can’t contain forest-wide information. Each domain maintains a separate
directory database (called NTDS.dit).
Therefore, for users to find resources in all domains in the forest, the GC is used.
The GC acts as an index for all resources in the forest.
Any DC can be made into a GC, and making all DCs into GCs is advantageous if disk space and
network bandwidth are an issue.
A GC contains key information about all the objects in the AD forest, but not the full record of
an object, just as a library index contains only key information such as book title and author.
i.e. only certain attributes are replicated to the GC server.
Having a GC server means users in different domains can run queries on the GCs to find any
object in the forest.
In each domain, at least one GC server is required, more for redundancy.
Facilitates efficient queries, avoiding the need to search every domain.
Configuration, Global Catalog, Schema….
The global catalog:
Hosts a partial attribute set for other domains in the forest
Supports queries for objects throughout the forest
(Diagram: a Domain A DC holds the Schema, Configuration and Domain A partitions; a Domain B
DC holds Schema, Configuration and Domain B; the global catalog server in Domain A holds
Schema, Configuration, Domain A and a partial copy of Domain B.)
Configuration, Global Catalog, Schema
3. Schema:
Formal definition for all AD objects, including classes and attributes.
Defines which object attributes are required and the relationships between objects.
Stored in a single schema container, applying to all domains in the AD Tree.
Replicated for consistency across all Domain Controllers.
(Diagram: CONTOSO.COM with child domains UK.CONTOSO.COM and US.CONTOSO.COM sharing
one schema.)
Active Directory Forest
Highest Level of Security Boundary
A forest contains one or more trees and
one or more namespaces.
A complete Active Directory instance
contains objects like Domains, Users,
Computers, Printers and other network
resources.
Information and data exchange can happen
only between the objects inside a Forest
Active Directory Forests (cont’d.)
(Diagram: one forest with two trees, CONTOSO.COM/US.CONTOSO.COM and
FABRIKAM.COM/UK.FABRIKAM.COM, sharing a single Global Catalog, Schema and Configuration.)
Active Directory Forest(cont’d.)
To communicate with objects in other forests, explicitly created FOREST
LEVEL trusts are required
Can contain one or more domains or a combination of domains or domain
trees
The schema or design of an AD is consistent throughout the Forest
Active Directory Forest(cont’d.)
An AD DS forest is a security boundary. By default, no users from outside the
forest can access any resources inside the forest.
Typically an organization creates only one forest, although you can create
multiple forests to isolate administrative permissions between different parts
of the organization.
By default, all the domains in a forest trust the other domains in the forest
automatically.
This makes it easy to enable access to resources such as file shares and
websites for all users in a forest, regardless of the domain in which the user
account is located.
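The trust rules from the domain tree and forest slides above (automatic two-way transitive trusts inside a forest, explicitly created trusts to reach another forest), worked through as an added example that is not part of the original slides. The domain names follow the slides' diagrams; the one-way, non-transitive external trust from us.contoso.com to fabrikam.com and the simplified chain rule in the docstring are assumptions of this model.

```python
from collections import deque

# Constructed trust topology modelled on the slides' diagrams (the external trust
# to fabrikam.com is an assumption added for illustration):
#   contoso.com forest  : contoso.com with child domains us.contoso.com, uk.contoso.com;
#                         parent-child trusts are created automatically, two-way, transitive
#   fabrikam.com forest : separate forest; a one-way, non-transitive external trust lets
#                         fabrikam.com accounts reach resources in us.contoso.com only
# Each entry is (trusting_domain, trusted_domain, transitive): "A trusts B" means
# accounts from B can be granted access to resources in A.
TRUSTS = [
    ("contoso.com", "us.contoso.com", True),
    ("us.contoso.com", "contoso.com", True),
    ("contoso.com", "uk.contoso.com", True),
    ("uk.contoso.com", "contoso.com", True),
    ("us.contoso.com", "fabrikam.com", False),   # one-way external trust, no transitivity
]


def trust_path(resource_domain, account_domain, trusts=TRUSTS):
    """Return the chain of domains through which resource_domain trusts
    account_domain, or None when no trust relationship exists.
    Simplified rule used here: a direct trust always applies; a chain of two or
    more trusts applies only when every link in it is transitive."""
    if resource_domain == account_domain:
        return [resource_domain]
    by_trusting = {}
    for trusting, trusted, transitive in trusts:
        by_trusting.setdefault(trusting, []).append((trusted, transitive))
    # Breadth-first search over trust links, starting at the resource's domain.
    # Only domains reached over an all-transitive chain are ever expanded further.
    queue = deque([[resource_domain]])
    seen = {resource_domain}
    while queue:
        path = queue.popleft()
        for trusted, transitive in by_trusting.get(path[-1], []):
            if len(path) > 1 and not transitive:
                continue  # a non-transitive trust cannot extend an existing chain
            new_path = path + [trusted]
            if trusted == account_domain:
                return new_path
            if transitive and trusted not in seen:
                seen.add(trusted)
                queue.append(new_path)
    return None


def can_access(resource_domain, account_domain, trusts=TRUSTS):
    """Can an account from account_domain be authorized on resource_domain at all?"""
    return trust_path(resource_domain, account_domain, trusts) is not None


if __name__ == "__main__":
    for resource, account in [("uk.contoso.com", "us.contoso.com"),
                              ("us.contoso.com", "fabrikam.com"),
                              ("contoso.com", "fabrikam.com"),
                              ("fabrikam.com", "us.contoso.com")]:
        print(f"{account} -> {resource}: {trust_path(resource, account)}")
```

The last two cases are the forest boundary in action: the external trust gives fabrikam.com accounts nothing beyond us.contoso.com, and nothing at all in the reverse direction.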
Active Directory Computer
Individual computers/workstations, servers which are part of a
network
Each computer has a unique computer account
Computer Account allows each computer to be authenticated and
authorized for access to the domain and domain resources
A server could be a Domain Controller or Global Catalog Server or
a Member Server
Active Directory Contact
An individual who is not part of the organization but related to the
organization.
E.g. Customer, Supplier, Vendor, etc.
Unlike a user, a Contact cannot log on to or access the domain or network.
Cannot be assigned permissions, authorizations or restrictions.
Why should we use Active Directory Services?
Highly SECURE: possible to have layered security, with POLICIES and
PERMISSIONS for security at different levels.
Objects can be LOCATED ANYWHERE physically yet access the
domain/network’s resources securely.
MILLIONS of users can be added to a single domain; easily SCALABLE, highly
FLEXIBLE, readily EXTENSIBLE.
EASY, EFFICIENT SEARCH mechanism to locate an object.
Why should we use Active Directory Services? (cont’d.)
Centralized storage for users and departments, which makes BACKUP and
RESTORE efficient, fast and easy.
Efficient and effective management of services because of centralized
management of services.
Serves as a platform for services like Exchange, SharePoint, etc.
Enables Single Sign-On (SSO) and pre- and post-action scripts like logon scripts.
Centralized auditing, which makes it easier to track all the operations.
Where can ACTIVE DIRECTORY SERVICES be used?
Any organization that has a NETWORK setup
Organizations which require 24*7 uptime
Any organization where the number of users, computers or resources will
keep changing
Any organization where INFORMATION/DATA security is vital
Any organization that operates in multiple locations
Active Directory Domain Controllers
• A domain controller is a server that Active Directory system users log in to
and that contains information about your directory structure.
• An Active Directory system should contain at least two domain controllers.
• In Windows NT there is a single point of failure, but not in Windows 200x Server.
• Stores info about each object in its domain.
(Diagram: Windows NT with one PDC and several BDCs, compared with Windows 200x with
several equal DCs.)
Active Directory Sites
• An Active Directory site is a set of TCP/IP subnets that are considered to be
“well-connected”.
• A site is a group of well-connected computers in an Active Directory system.
(Diagram: Site A and Site B joined by a WAN link.)
Sites and Domains
(Diagram: the domain US.CONTOSO.COM spanning Site A and Site B.)
Global Catalog
Spans all domains in the forest
The Global Catalog is a limited, forest-wide database of attributes
Contains object attributes
Used for searches(acts as index)
Exists on domain controllers
DC can be set to GC role
DNS
AD will not work without DNS.
A few important tasks a DNS server in Windows Server 2012 is used for are:
Resolve host names to their corresponding IP addresses (DNS)
Resolve IP addresses to their corresponding host names (Reverse DNS)
Locate Global Catalog Servers and Domain Controllers
Locate Mail Servers
The Domain Name System locates network services and resources.
DNS
The Domain Name System locates network services and resources.
(Diagram: DNS server and DC; the lookup supplies the requested service and site
information, and the DNS server answers from its SRV records with IP addresses, which are
cached.)
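Added example (not from the slides) of how a client uses the SRV records the slide mentions to locate domain controllers and global catalog servers. The zone contents and hostnames are constructed; the owner-name patterns under _msdcs and the GC port are the standard ones. Since every domain logon starts with this lookup, unexpected targets in these records are something a defender monitors.

```python
import random

# Constructed SRV data, as a DNS server for the contoso.com domain might answer.
# Record tuples are (priority, weight, port, target); hostnames are made up.
SAMPLE_ZONE = {
    "_ldap._tcp.dc._msdcs.contoso.com": [
        (0, 100, 389, "dc1.contoso.com"),
        (0, 100, 389, "dc2.contoso.com"),
        (10, 100, 389, "dc3-dr.contoso.com"),   # lower preference: only if priority-0 DCs fail
    ],
    "_ldap._tcp.HeadOffice._sites.dc._msdcs.contoso.com": [
        (0, 100, 389, "dc1.contoso.com"),
    ],
    "_gc._tcp.contoso.com": [
        (0, 100, 3268, "dc1.contoso.com"),      # 3268 is the GC LDAP port
    ],
}


def dc_srv_name(domain, site=None):
    """Owner name a client queries to find domain controllers for `domain`
    (optionally only those registered in the AD site `site`)."""
    if site:
        return f"_ldap._tcp.{site}._sites.dc._msdcs.{domain}"
    return f"_ldap._tcp.dc._msdcs.{domain}"


def gc_srv_name(forest_root):
    """Owner name for global catalog servers; GC records live under the forest root."""
    return f"_gc._tcp.{forest_root}"


def order_srv(records, rng):
    """Order SRV records per RFC 2782: ascending priority; within one priority a
    weighted random order, so heavier records come first more often."""
    ordered = []
    for priority in sorted({r[0] for r in records}):
        pool = [r for r in records if r[0] == priority]
        while pool:
            total = sum(r[1] for r in pool)
            pick = rng.random() * total
            running = 0
            chosen = pool[-1]
            for rec in pool:
                running += rec[1]
                if running >= pick:
                    chosen = rec
                    break
            ordered.append(chosen)
            pool.remove(chosen)
    return ordered


def locate(zone, name, seed=None):
    """Return (target, port) candidates for `name` in preference order;
    an empty list means DNS has no record, and the domain cannot be joined or used."""
    records = zone.get(name, [])
    rng = random.Random(seed)
    return [(r[3], r[2]) for r in order_srv(records, rng)]


if __name__ == "__main__":
    print(locate(SAMPLE_ZONE, dc_srv_name("contoso.com")))
    print(locate(SAMPLE_ZONE, dc_srv_name("contoso.com", site="HeadOffice")))
    print(locate(SAMPLE_ZONE, gc_srv_name("contoso.com")))
```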
Training Resources
Course ID | Title
2199 | Jumpstart: Active Directory Fundamentals
2282 | Designing a Microsoft Windows Server 2003 Active Directory and Network Infrastructure
Server Migration Steps
Install Windows Server Migration Tools on the destination server, running
Windows Server 2012 R2.
Create a distribution folder and copy an appropriate version of the tools for
the source server.
Copy the distribution folder to the source server and then register the
Windows Server Migration Tools.
Use Migration Guides to migrate roles, features, shares, settings, and other
data.
Migration Guide Elements
Compatibility notes
Guide contents
Migration overview
Migration requirements
Pre-migration tasks
Migration procedures
Post-migration procedures
PowerShell
Now becoming the de facto CLI and scripting language for Microsoft products
Allows you to string together commands, passing the result of one command
into the next, in a process known as pipelining
Windows Remote Management
WS-Management protocol
Public standard for exchanging management data remotely by any device implementing
the protocol
Lesson Summary
Microsoft releases all of its operating systems in multiple editions, which
provides consumers with varying price points and feature sets.
Windows Server 2012 R2 includes predefined combinations of services called
roles that implement common server functions.
A clean installation is the simplest way to deploy Windows Server 2012 R2 on
a bare metal computer or a computer with a partition that you are willing to
reformat (losing all of the data on the partition in the process).
Lesson Summary
Many enterprise networks today use servers that are dedicated to a particular
role. When a server is performing a single role, does it really make sense to
have so many other processes running on the server that contribute little to
that role?
When you select the Windows Server Core installation option, you get a
stripped-down version of the operating system.
If the advantages of Server Core sound tempting, but there are traditional
server administration tools you don’t want to give up, Windows Server 2012
R2 provides a compromise that it calls the Minimal Server Interface.
The Minimal Server Interface is a setting that removes some of the most
hardware-intensive elements from the GUI.
Lesson Summary
An in-place upgrade is the most complicated form of Windows Server 2012
R2 installation. It is also the lengthiest, and the most likely to cause problems
during its execution. Whenever possible, Microsoft recommends that
administrators perform a clean installation, or migrate required applications
and settings instead.
Migration is the preferred method of replacing an existing server with one
running Windows Server 2012 R2. Unlike an in-place upgrade, a migration
copies vital information from an existing server to a clean Windows Server
2012 R2 installation.
Windows Server Migration Tools is a Windows Server 2012 R2 feature that
consists of Windows PowerShell cmdlets and help files that enable
administrators to migrate certain roles between servers.