Hands-On Microsoft

Windows Server 2003

Administration

Chapter 1
Windows Server 2003 Network
Administration
Objectives

• List the various tasks of a Windows Server 2003

Network administrator
• Understand general troubleshooting techniques
• Ease network management with the help of
various Windows Server 2003 Administration
Tools
• Explain Windows Server 2003 Active Directory
concepts

2
Network Administration Overview
• Some of the tasks of a Windows Server 2003
Network administrator
– Installing and maintaining the operating system
– Administering Active Directory
– Administering file and print resources
– Administering Internet resources
– Administering the network infrastructure
– Monitoring and troubleshooting Windows Server
2003
– Administering Routing and Remote Access
Services (RRAS)
3
Installing and Maintaining the
Operating System

• Tasks related to the operating system

– Install the client workstation operating systems
– Install and configure the server environment
– Troubleshoot and resolve installation problems
– Install and manage the required service packs
and hot fixes

4
Administering Active Directory
• Involves
– Creating and modifying user objects
– Creating and modifying computer objects
– Creating and modifying group objects
– Managing Active Directory container and object
permissions
– Creating and troubleshooting Group Policy
objects
• Group Policy: a Windows Server 2003 feature that
enables you to create policies that affect domain
users and computers
5
Administering File and Print
Resources

• Tasks included in administering file and print

resources
– Troubleshooting user access to files and printers
– Planning and maintaining the most efficient and
secure way for users to work with file and print
resources

6
Administering Internet Resources

• Internet administration
– Needed because of B2B and B2C online
commerce opportunities
– Requires mastery of the configuration options
within the Windows Server 2003 IIS, including
• Providing secure access to Internet-accessible
resources
• Troubleshooting client connectivity problems

7
Administering the Network
Infrastructure
• Administering the network infrastructure requires
maintaining and troubleshooting network
services, protocols, and hardware
– TCP/IP protocol
• Used by Windows Server 2003 for network
communications throughout the infrastructure and
the Internet
– Domain Name System (DNS) service
• Provides name resolution and network service
location capabilities

8
Administering the Network
Infrastructure (Continued)

– Routers
– Dynamic Host Configuration Protocol (DHCP)
servers
– WINS servers

9
Monitoring and Troubleshooting
Windows Server 2003
• Maintenance
– Monitoring server health
– Monitoring system performance
• Maintenance tools
– System Monitor
– Event Viewer
• Troubleshooting tools
– Recovery Console
– Safe Mode

10
Administering Routing and Remote
Access Services
• Windows Server 2003 Routing and Remote
Access Services (RRAS)
– Access to the company network using dial-up
modems
– Virtual private networking (VPN)
– Internet connection sharing (ICS)
– Network address translation (NAT)
– A basic firewall
– Remote Desktop for Administration
• Enables administrators to network servers remotely
11
Network Administration Procedures

• Possible reasons for network problems

– Hardware failures
– Security or virus attacks
– File corruption

12
Network Troubleshooting Process
• A systematic approach to troubleshooting helps
– Define the exact problem
– Quickly solve the problem
• Steps of a successful troubleshooting process
– Define the problem
– Gather detailed information about what has
changed
– Devise a plan to solve the problem
– Implement the plan and observe the results
– Document all changes and results
13
Windows Server 2003 Management
Tools
• Features and utilities that assist in daily
management tasks
– The Microsoft Management Console (MMC)
– The secondary logon feature
– The Task Scheduler
– The netdiag command
– The Shutdown Event Tracker
• Logs each time a server is shut down or restarted

14
Windows Server 2003 Management
Tools (Continued)
• The Microsoft Management Console
– A customizable management framework that can
host a number of management tools
– Saved as a Management Saved Console (MSC)
file with the .msc extension
• Snap-ins
– Management tools that are added to the MMC
– Can be obtained from Microsoft or third-party
companies

15
An Empty MMC

16
Add/Remove Snap-in dialog box

17
Customized MMC

18
Windows Server 2003 Management
Tools (Continued)

• Taskpad view
– Simplifies administrative procedures
– Provides a graphical representation of the tasks
that can be performed in an MMC

19
Taskpad view of the Services snap-
in

20
The Secondary Logon Feature
• Network administrators should keep two accounts
– One for network management
– One for nonadministrative tasks
• The secondary logon feature allows the
administrator to
– Log on with the regular user account, then
– Open administrative tools as an administrator
• Administrator account
– A command prompt can be used to start
applications

21
Run As dialog box

22
Additional Administrator Utilities

• Several additional utilities are available with

Windows Server 2003 or the Windows Server
2003 Resource Kit
– Examples
• Windows Server 2003 Task Scheduler
• netdiag
• net command

23
Introduction to Windows Server 2003
Active Directory
• Active Directory
– A directory service database
– Services and features:
• Central point for storing, organizing, managing,
and controlling network objects
• Single point of administration of objects and Active
Directory-published resources
• Logon and authentication services for users
• Delegation of administration

24
Introduction to Windows Server 2003
Active Directory
• The Active Directory database
– Can be stored on any Windows Server 2003
server promoted to domain controller
• Multi-master replication
– Each domain controller throughout the network
has a writeable copy of directory database
– Provides a form of fault-tolerance
• Active Directory
– Uses DNS to
• Maintain domain-naming structures
• Locate network resources

25
Active Directory Objects
• An object
– Represents network resources, such as
• Users
• Groups
• Computers
• Printers
– Possesses attributes that provide information
about the object
• Active Directory stores a variety of objects within
the database

26
The Active Directory Schema

• Active Directory schema

– Defines objects and attributes for entire Active
Directory structure
– Consists of two main definitions
• Object classes
• Attributes
– Stored in the Active Directory database
– Replicated among all domain controllers within
the network

27
Active Directory Components

• Logical components of the Active Directory

– Provide a way to design and administer the
hierarchical, logical structure of the network
– Include
• Domains and organizational units
• Trees and forests
• A global catalog

28
Active Directory Components
(Continued)
• Windows Server 2003 domain
– Logically structured organization of objects that
• Are part of a network, and
• Share a common directory database
• Each domain
– Has a unique name
– Is organized in levels
– Is administered as a unit with common rules and
procedures
– Is defined by an IP address on the Internet
29
Active Directory Components
(Continued)

• Domains provide the ability to

– Configure unique security settings
– Decentralize administration
– Control replication traffic
• An organizational unit (OU)
– A logical container used to organize objects
within a single domain

30
Active Directory Components
(Continued)

• Benefits of using OUs

– Easier to locate and manage the Active Directory
objects
– Define more advanced features by applying
Group Policy to an OU
– Delegate administrative control over OUs

31
An Active Directory Domain and OU
structure

32
Active Directory Components
(Continued)

• Trees and forests

– Forest root domain
• First Active Directory domain created in an
organization
– Tree
• Hierarchical collection of domains that share a
contiguous DNS namespace

33
Active Directory Components
(Continued)

– Whenever a child domain is created, a two-way,

transitive trust relationship is automatically
created between the child and parent domains
• Transitive trust
– All other trusted domains implicitly trust one another

34
The Dovercorp.net domain tree

35
Active Directory Components
(Continued)
• Forest
– Collection of trees that do not share a contiguous
DNS naming structure
– The trees in a forest share a single Active
Directory schema
• Enterprise Admins
– Special user group
– Allows members to manage objects throughout
the entire forest

36
Example of an Active Directory
forest

37
Active Directory Components
(Continued)
• Global catalog
– Index and partial replica of the objects and attributes
most frequently used throughout the entire Active
Directory structure
– Replicated to any server within the forest that is
configured to be a global catalog server
– The first domain controller in Active Directory
automatically becomes a global catalog server
– Additional domain controllers can also be configured
to be global catalog servers

38
Active Directory Communication
Standards
• DNS naming standard
– Used by Active Directory for
• IP name resolution
• Providing information on the location of network
services and resources
• Lightweight Directory Access Protocol (LDAP)
– Used to query or update the Active Directory
database directly

39
Active Directory Communication
Standards (Continued)

• LDAP naming paths

– Used when referring to objects stored within the
Active Directory
– Main components
• Distinguished name
• Relative distinguished name

40
Active Directory Physical Structure

• Relates to the actual connectivity of the physical

network
• Aims regarding replication
– Make sure that any modification to the Active
Directory database is replicated as quickly as
possible between domain controllers
– Make sure that replication does not saturate the
available network bandwidth

41
Active Directory Physical Structure
(Continued)

• Sites and site links can be configured to

control
– Active Directory replication traffic
– Network logon traffic
• Active Directory site
– Combination of one or more Internet Protocol
(IP) subnets connected by a high-speed
connection

42
Active Directory Physical Structure
(Continued)
• A site link
– A configurable object that represents a low-
bandwidth or unreliable/occasional connection
between sites
– Can be adjusted for
• Replication availability
• Bandwidth costs
• Replication frequency

43
The site structure of Dovercorp.net

44
Summary

• Tasks of a network administrator include:

– Software installation
– Active Directory (AD) administration
– File and print administration
– Internet and remote access administration
– Network performance monitoring
– Troubleshooting
• Network administrator needs to follow a systematic
approach to troubleshooting network problems

45
Summary (Continued)

• Some tools that a network administrator can use

to help with routine network management
include:
– The Microsoft Management Console (MMC)
– The secondary logon service
– Command-line utilities, such as netdiag.exe and
the net command
• Active Directory is a directory service database
provided with Windows Server 2003 Operating
Systems
46
Summary (Continued)
• Logical components of an Active Directory
structure
– Domains and organizational units
– Trees and forests
– Global catalog
• Active Directory uses the DNS naming standard for
– IP name resolution
– Providing information on the location of network
services
• Active Directory replication traffic and network
logon traffic can be controlled by configuring sites
and site links

47