Active Directory Administration Tasks And Tools

1
Active DirectoryAdministration Tasks And Tools

• Active Directory Administration Tasks
• Active Directory Administrative Tools
• Using Microsoft Management Consoles
• Using Task Scheduler

2
Active Directory Administrative Tasks

• Microsoft Windows 2003 Active Directory
  Administrative Tasks

3
Administrative Categories

• Configuring Active Directory
• Administering users and groups
• Securing network resources
• Administering Active Directory
• Administering the desktop computing environment
• Securing Active Directory
• Managing Active Directory performance
• Installing Windows 2003 remotely

4
Active Directory Administrative Tools

• Active Directory Administrative Tools
• Other Active Directory Administrative Tools
• The Microsoft Management Console (MMC)
• Console Tree and Details Pane
• Snap-Ins
• Console Options
• Author Mode

5
Administrative Tools Menu

• Active Directory Domains and Trusts console
• Active Directory Sites and Services console
• Active Directory Users and Computers console

6
Active Directory Domains and Trusts Console

• Assists management of trust relationships between
  domains
• Windows 2003 domains in the same or different
  forests.
• Pre-Windows 2003 domains.
• Kerberos V5 realms.
• Use the Active Directory Domains and Trusts
  console to
• Provide interoperability with other domains by
  managing explicit domain trusts.
• Change the mode of operation of a Windows 2003
  domain from mixed mode to native mode.
• Add and remove alternative user principal name
  (UPN) suffixes used to create user logon names.
• Transfer the domain naming operations master role
  from one domain controller to another.
• Provide information about domain management.

7
Active Directory Sitesand Services Console

• Publish sites to Active Directory to provide
  information about the physical structure of a
  network.
• Active Directory uses this information to
  determine how to replicate directory information
  and handle service requests.

8
Active Directory Usersand Computers Console

• Adds, modifies, deletes, and organizes Windows
  2003 user accounts, computer accounts, security
  and distribution groups, and published resources
  in the organizations directory
• Manages domain controllers and OUs

9
Other Support Tools

• Active Directory Schema Snap-In
• Active Directory Support Tools

10
Support Tools(MMC Snap-In)

• ADSI Edit
• Used to view all objects in the directory, modify
  objects, and set ACLs on objects.
• SIDwalker Security Administration Tools
• Consists of three separate programs.
• SHOWACCS.EXE and SIDWALK.EXE are command-line
  tools for examining and changing access control
  entries.
• Security Migration Editor is an MMC snap-in tool
  for editing mapping between old and new security
  IDs (SIDs).

11
Support Tools (GUI)

• LDP.EXE Active Directory Administration Tool
• Allows LDAP operations to be performed against
  Active Directory
• REPLMON.EXE Active Directory Replication Monitor
• Displays replication topology, monitors
  replication status, forces replication events,
  and recalculates knowledge consistency checker

12
Support Tools(Command Line)

• ACLDIAG.EXE ACL Diagnostics
• DFSUTIL.EXE Distributed File System Utility
• DNSCMD.EXE DNS Server Troubleshooting Tool
• DSACLS.EXE View or modify the ACL of objects in
  Active Directory
• DSASTAT.EXE Active Directory Diagnostic Tool
• MOVETREE.EXE Active Directory Object Manager
• NETDOM.EXE Windows 2003 Domain Manager
• NLTEST.EXE Provides information about trusts and
  replication
• REPADMIN.EXE Replication Diagnostics Tool
• SDCHECCK.EXE Security Descriptor Check Utility

13
Active Directory Service Interfaces (ADSI)

• Provides a simple, powerful, object-oriented
  interface to Active Directory
• Makes it easy for programmers and administrators
  to create programs utilizing directory services
  by using high-level tools without having to worry
  about the underlying differences between the
  different namespaces
• Fully programmable automation object for use by
  administrators
• Provides the ability to build or buy programs
  that give a single point of access to multiple
  directories in a network environment, whether
  those directories are based on LDAP or another
  protocol

14
The Microsoft Management Console (MMC)

• Used to create, save, and open collections of
  administrative tools.
• Does not provide management functions itself, but
  is the program that hosts management applications
  called snap-ins.
• Uses snap-ins to perform one or more
  administrative tasks.
• Preconfigured MMCs contain commonly used
  snap-ins, which appear on the Administrative
  Tools menu.
• Custom MMCs are created to perform a unique set
  of administrative tasks.
• Preconfigured and custom MMCs can be used for
  remote administration.

15
Preconfigured MMCs

• Contain one or more snap-ins that provide the
  functionality to perform a related set of
  administrative tasks.
• Function in User mode unable to modify, save, or
  add additional snap-ins.
• Windows 2003 Server and Windows 2003 Professional
  have different preconfigured MMCs.
• Added by Windows 2003 when additional components
  are installed.

16
Typical PreconfiguredMMCs are Available for

• Windows 2003 Professional, Windows 2003 Server
  stand-alone server, and Windows 2003 Server
  domain controllers
• Windows 2003 Server stand-alone server and domain
  controllers
• Windows 2003 Server domain controllers only
• Windows 2003 Professional and Windows 2003 Server
  stand-alone server

17
Windows 2003 Professional, Windows 2003 Server
Stand-Alone Server, and Windows 2003 Server
Domain Controllers

• Component Services
• Computer Management
• Data Sources (ODBC)
• Event Viewer
• Performance
• Services

18
Windows 2003 Server Stand-Alone Server and Domain
Controllers

• Configure Your Server
• Distributed File System
• Internet Services Manager
• Licensing
• Routing and Remote Access
• Server Extensions Administrator
• Telnet Server Administration

19
Domain Controllers Only

• Active Directory Domains and Trusts
• Active Directory Sites and Services
• Active Directory Users and Computers
• Dynamic Host Configuration Protocol (DHCP)
• Domain Name System (DNS)
• Domain controller Security Policy
• Domain Security Policy

20
Professional and Server Stand-Alone Server

• Local Security Policy

21
Sample MMC
22
Snap-Ins and Extensions
23
Stand-Alone Snap-Ins

• Usually referred to simply as snap-ins
• Used to perform Windows 2003 administrative tasks
• Provide one function or a related set of functions

24
Extension Snap-Ins

• Referred to simply as extensions.
• Provide additional administrative functionality
  to another snap-in.
• Designed to work with one or more stand-alone
  snap-ins.
• Windows 2003 displays only extensions that are
  compatible with the stand-alone snap-in and
  places them in the appropriate location.
• When a snap-in is added to a console, MMC adds
  all available extensions by default.
• Extensions can be added to multiple snap-ins.
• Some stand-alone snap-ins can use extensions that
  provide additional functionality.
• Some snap-ins can act as a snap-in or an
  extension.

25
Console OptionsAuthor Mode

• Full access to all MMC functionality
• Adds or removes snap-ins
• Creates new windows
• Views all portions of the console tree
• Saves MMCs

26
Console Options User Mode

• Users cannot add or remove snap-ins, or save the
  MMC.
• Three types of user modes allow different levels
  of access and functionality
• Full Access
• Limited Access, Multiple Windows
• Limited Access, Single Window

27
Using MMCs

• Using Preconfigured MMCs
• Using Custom MMCs
• Using MMCs for Remote Administration
• Practice Using Microsoft Management Console

28
Options on the MMC Console Menu

• New Create a new custom MMC console
• Open Use a saved MMC console
• Save or Save As Use the MMC console later
• Add/Remove Snap-In Add or remove one or more
  snap-ins and their associated extensions to or
  from an MMC console
• Options Configure the console mode and create a
  custom MMC console

29
Using MMCs forRemote Administration

• Snap-in for remote administration can be set up
  when a custom MMC is created.
• Remote administration allows administrative tasks
  to be performed from any location.
• The design of each snap-in dictates whether or
  not it can be used for remote administration.
• You must use specific snap-ins designed for
  remote administration.
• If the snap-in is available for remote
  administration, Windows 2003 prompts for the
  target computer to administer.
• The Windows 2003 Administration Tools Setup
  Wizard is simply a means for loading
  administrative tools to a remote machine.

30
Using Task Scheduler

• Introduction to Task Scheduler
• Practice Using Task Scheduler

31
Scheduled Task Wizard
32
Task Scheduler

• Scheduled tasks are saved in the Scheduled Tasks
  folder in the Control Panel folder in My Computer
  and on the Accessories, System Tools menu.
• Access scheduled tasks on another computer by
  browsing that computers resources using My
  Network Places allows tasks to be moved from one
  computer to another.
• Use Task Scheduler to
• Run maintenance utilities at specific intervals.
• Run programs when there is less demand for
  computer resources.

33
Scheduled Task Wizard Options

• Program to run The applications to be scheduled
• Task name A descriptive name for the task
• Frequency How often Windows 2003 will perform
  the task
• Time and date Start time and start date for the
  task to occur
• Name and password User name and password
  application will run under the security settings
  for this user account
• Advanced properties Select this check box to
  display the Advanced Properties dialog box after
  clicking Finish

34
Scheduled Task WizardAdvanced Properties

• Task Change the scheduled task, add parameters,
  or change the user account
• Schedule Set and display multiple schedules for
  the same task
• Settings Set options that can delete or stop a
  task, start or stop a task based on idle or
  non-idle time, start or stop a task if a computer
  is running on batteries, and wake the computer to
  run a task
• Security Change the list of users and groups
  that have permission to perform the task, or
  change the permissions for a specific user or
  group