Title: Active Directory Administration Tasks And Tools
1Active DirectoryAdministration Tasks And Tools
- Active Directory Administration Tasks
- Active Directory Administrative Tools
- Using Microsoft Management Consoles
- Using Task Scheduler
2Active Directory Administrative Tasks
- Microsoft Windows 2003 Active Directory
Administrative Tasks
3Administrative Categories
- Configuring Active Directory
- Administering users and groups
- Securing network resources
- Administering Active Directory
- Administering the desktop computing environment
- Securing Active Directory
- Managing Active Directory performance
- Installing Windows 2003 remotely
4Active Directory Administrative Tools
- Active Directory Administrative Tools
- Other Active Directory Administrative Tools
- The Microsoft Management Console (MMC)
- Console Tree and Details Pane
- Snap-Ins
- Console Options
- Author Mode
5Administrative Tools Menu
- Active Directory Domains and Trusts console
- Active Directory Sites and Services console
- Active Directory Users and Computers console
6Active Directory Domains and Trusts Console
- Assists management of trust relationships between
domains - Windows 2003 domains in the same or different
forests. - Pre-Windows 2003 domains.
- Kerberos V5 realms.
- Use the Active Directory Domains and Trusts
console to - Provide interoperability with other domains by
managing explicit domain trusts. - Change the mode of operation of a Windows 2003
domain from mixed mode to native mode. - Add and remove alternative user principal name
(UPN) suffixes used to create user logon names. - Transfer the domain naming operations master role
from one domain controller to another. - Provide information about domain management.
7Active Directory Sitesand Services Console
- Publish sites to Active Directory to provide
information about the physical structure of a
network. - Active Directory uses this information to
determine how to replicate directory information
and handle service requests.
8Active Directory Usersand Computers Console
- Adds, modifies, deletes, and organizes Windows
2003 user accounts, computer accounts, security
and distribution groups, and published resources
in the organizations directory - Manages domain controllers and OUs
9Other Support Tools
- Active Directory Schema Snap-In
- Active Directory Support Tools
10Support Tools(MMC Snap-In)
- ADSI Edit
- Used to view all objects in the directory, modify
objects, and set ACLs on objects. - SIDwalker Security Administration Tools
- Consists of three separate programs.
- SHOWACCS.EXE and SIDWALK.EXE are command-line
tools for examining and changing access control
entries. - Security Migration Editor is an MMC snap-in tool
for editing mapping between old and new security
IDs (SIDs).
11Support Tools (GUI)
- LDP.EXE Active Directory Administration Tool
- Allows LDAP operations to be performed against
Active Directory - REPLMON.EXE Active Directory Replication Monitor
- Displays replication topology, monitors
replication status, forces replication events,
and recalculates knowledge consistency checker
12Support Tools(Command Line)
- ACLDIAG.EXE ACL Diagnostics
- DFSUTIL.EXE Distributed File System Utility
- DNSCMD.EXE DNS Server Troubleshooting Tool
- DSACLS.EXE View or modify the ACL of objects in
Active Directory - DSASTAT.EXE Active Directory Diagnostic Tool
- MOVETREE.EXE Active Directory Object Manager
- NETDOM.EXE Windows 2003 Domain Manager
- NLTEST.EXE Provides information about trusts and
replication - REPADMIN.EXE Replication Diagnostics Tool
- SDCHECCK.EXE Security Descriptor Check Utility
13Active Directory Service Interfaces (ADSI)
- Provides a simple, powerful, object-oriented
interface to Active Directory - Makes it easy for programmers and administrators
to create programs utilizing directory services
by using high-level tools without having to worry
about the underlying differences between the
different namespaces - Fully programmable automation object for use by
administrators - Provides the ability to build or buy programs
that give a single point of access to multiple
directories in a network environment, whether
those directories are based on LDAP or another
protocol
14The Microsoft Management Console (MMC)
- Used to create, save, and open collections of
administrative tools. - Does not provide management functions itself, but
is the program that hosts management applications
called snap-ins. - Uses snap-ins to perform one or more
administrative tasks. - Preconfigured MMCs contain commonly used
snap-ins, which appear on the Administrative
Tools menu. - Custom MMCs are created to perform a unique set
of administrative tasks. - Preconfigured and custom MMCs can be used for
remote administration.
15Preconfigured MMCs
- Contain one or more snap-ins that provide the
functionality to perform a related set of
administrative tasks. - Function in User mode unable to modify, save, or
add additional snap-ins. - Windows 2003 Server and Windows 2003 Professional
have different preconfigured MMCs. - Added by Windows 2003 when additional components
are installed.
16Typical PreconfiguredMMCs are Available for
- Windows 2003 Professional, Windows 2003 Server
stand-alone server, and Windows 2003 Server
domain controllers - Windows 2003 Server stand-alone server and domain
controllers - Windows 2003 Server domain controllers only
- Windows 2003 Professional and Windows 2003 Server
stand-alone server
17Windows 2003 Professional, Windows 2003 Server
Stand-Alone Server, and Windows 2003 Server
Domain Controllers
- Component Services
- Computer Management
- Data Sources (ODBC)
- Event Viewer
- Performance
- Services
18Windows 2003 Server Stand-Alone Server and Domain
Controllers
- Configure Your Server
- Distributed File System
- Internet Services Manager
- Licensing
- Routing and Remote Access
- Server Extensions Administrator
- Telnet Server Administration
19Domain Controllers Only
- Active Directory Domains and Trusts
- Active Directory Sites and Services
- Active Directory Users and Computers
- Dynamic Host Configuration Protocol (DHCP)
- Domain Name System (DNS)
- Domain controller Security Policy
- Domain Security Policy
20Professional and Server Stand-Alone Server
21Sample MMC
22Snap-Ins and Extensions
23Stand-Alone Snap-Ins
- Usually referred to simply as snap-ins
- Used to perform Windows 2003 administrative tasks
- Provide one function or a related set of functions
24Extension Snap-Ins
- Referred to simply as extensions.
- Provide additional administrative functionality
to another snap-in. - Designed to work with one or more stand-alone
snap-ins. - Windows 2003 displays only extensions that are
compatible with the stand-alone snap-in and
places them in the appropriate location. - When a snap-in is added to a console, MMC adds
all available extensions by default. - Extensions can be added to multiple snap-ins.
- Some stand-alone snap-ins can use extensions that
provide additional functionality. - Some snap-ins can act as a snap-in or an
extension.
25Console OptionsAuthor Mode
- Full access to all MMC functionality
- Adds or removes snap-ins
- Creates new windows
- Views all portions of the console tree
- Saves MMCs
26Console Options User Mode
- Users cannot add or remove snap-ins, or save the
MMC. - Three types of user modes allow different levels
of access and functionality - Full Access
- Limited Access, Multiple Windows
- Limited Access, Single Window
27Using MMCs
- Using Preconfigured MMCs
- Using Custom MMCs
- Using MMCs for Remote Administration
- Practice Using Microsoft Management Console
28Options on the MMC Console Menu
- New Create a new custom MMC console
- Open Use a saved MMC console
- Save or Save As Use the MMC console later
- Add/Remove Snap-In Add or remove one or more
snap-ins and their associated extensions to or
from an MMC console - Options Configure the console mode and create a
custom MMC console
29Using MMCs forRemote Administration
- Snap-in for remote administration can be set up
when a custom MMC is created. - Remote administration allows administrative tasks
to be performed from any location. - The design of each snap-in dictates whether or
not it can be used for remote administration. - You must use specific snap-ins designed for
remote administration. - If the snap-in is available for remote
administration, Windows 2003 prompts for the
target computer to administer. - The Windows 2003 Administration Tools Setup
Wizard is simply a means for loading
administrative tools to a remote machine.
30Using Task Scheduler
- Introduction to Task Scheduler
- Practice Using Task Scheduler
31Scheduled Task Wizard
32Task Scheduler
- Scheduled tasks are saved in the Scheduled Tasks
folder in the Control Panel folder in My Computer
and on the Accessories, System Tools menu. - Access scheduled tasks on another computer by
browsing that computers resources using My
Network Places allows tasks to be moved from one
computer to another. - Use Task Scheduler to
- Run maintenance utilities at specific intervals.
- Run programs when there is less demand for
computer resources.
33Scheduled Task Wizard Options
- Program to run The applications to be scheduled
- Task name A descriptive name for the task
- Frequency How often Windows 2003 will perform
the task - Time and date Start time and start date for the
task to occur - Name and password User name and password
application will run under the security settings
for this user account - Advanced properties Select this check box to
display the Advanced Properties dialog box after
clicking Finish
34Scheduled Task WizardAdvanced Properties
- Task Change the scheduled task, add parameters,
or change the user account - Schedule Set and display multiple schedules for
the same task - Settings Set options that can delete or stop a
task, start or stop a task based on idle or
non-idle time, start or stop a task if a computer
is running on batteries, and wake the computer to
run a task - Security Change the list of users and groups
that have permission to perform the task, or
change the permissions for a specific user or
group