Active Directory Administration Tasks And Tools - PowerPoint PPT Presentation

1 / 34
About This Presentation
Title:

Active Directory Administration Tasks And Tools

Description:

Displays replication topology, monitors replication status, forces replication ... there is less demand for computer resources. 33. Scheduled Task. Wizard ... – PowerPoint PPT presentation

Number of Views:625
Avg rating:3.0/5.0
Slides: 35
Provided by: MikeS6
Category:

less

Transcript and Presenter's Notes

Title: Active Directory Administration Tasks And Tools


1
Active DirectoryAdministration Tasks And Tools
  • Active Directory Administration Tasks
  • Active Directory Administrative Tools
  • Using Microsoft Management Consoles
  • Using Task Scheduler

2
Active Directory Administrative Tasks
  • Microsoft Windows 2003 Active Directory
    Administrative Tasks

3
Administrative Categories
  • Configuring Active Directory
  • Administering users and groups
  • Securing network resources
  • Administering Active Directory
  • Administering the desktop computing environment
  • Securing Active Directory
  • Managing Active Directory performance
  • Installing Windows 2003 remotely

4
Active Directory Administrative Tools
  • Active Directory Administrative Tools
  • Other Active Directory Administrative Tools
  • The Microsoft Management Console (MMC)
  • Console Tree and Details Pane
  • Snap-Ins
  • Console Options
  • Author Mode

5
Administrative Tools Menu
  • Active Directory Domains and Trusts console
  • Active Directory Sites and Services console
  • Active Directory Users and Computers console

6
Active Directory Domains and Trusts Console
  • Assists management of trust relationships between
    domains
  • Windows 2003 domains in the same or different
    forests.
  • Pre-Windows 2003 domains.
  • Kerberos V5 realms.
  • Use the Active Directory Domains and Trusts
    console to
  • Provide interoperability with other domains by
    managing explicit domain trusts.
  • Change the mode of operation of a Windows 2003
    domain from mixed mode to native mode.
  • Add and remove alternative user principal name
    (UPN) suffixes used to create user logon names.
  • Transfer the domain naming operations master role
    from one domain controller to another.
  • Provide information about domain management.

7
Active Directory Sitesand Services Console
  • Publish sites to Active Directory to provide
    information about the physical structure of a
    network.
  • Active Directory uses this information to
    determine how to replicate directory information
    and handle service requests.

8
Active Directory Usersand Computers Console
  • Adds, modifies, deletes, and organizes Windows
    2003 user accounts, computer accounts, security
    and distribution groups, and published resources
    in the organizations directory
  • Manages domain controllers and OUs

9
Other Support Tools
  • Active Directory Schema Snap-In
  • Active Directory Support Tools

10
Support Tools(MMC Snap-In)
  • ADSI Edit
  • Used to view all objects in the directory, modify
    objects, and set ACLs on objects.
  • SIDwalker Security Administration Tools
  • Consists of three separate programs.
  • SHOWACCS.EXE and SIDWALK.EXE are command-line
    tools for examining and changing access control
    entries.
  • Security Migration Editor is an MMC snap-in tool
    for editing mapping between old and new security
    IDs (SIDs).

11
Support Tools (GUI)
  • LDP.EXE Active Directory Administration Tool
  • Allows LDAP operations to be performed against
    Active Directory
  • REPLMON.EXE Active Directory Replication Monitor
  • Displays replication topology, monitors
    replication status, forces replication events,
    and recalculates knowledge consistency checker

12
Support Tools(Command Line)
  • ACLDIAG.EXE ACL Diagnostics
  • DFSUTIL.EXE Distributed File System Utility
  • DNSCMD.EXE DNS Server Troubleshooting Tool
  • DSACLS.EXE View or modify the ACL of objects in
    Active Directory
  • DSASTAT.EXE Active Directory Diagnostic Tool
  • MOVETREE.EXE Active Directory Object Manager
  • NETDOM.EXE Windows 2003 Domain Manager
  • NLTEST.EXE Provides information about trusts and
    replication
  • REPADMIN.EXE Replication Diagnostics Tool
  • SDCHECCK.EXE Security Descriptor Check Utility

13
Active Directory Service Interfaces (ADSI)
  • Provides a simple, powerful, object-oriented
    interface to Active Directory
  • Makes it easy for programmers and administrators
    to create programs utilizing directory services
    by using high-level tools without having to worry
    about the underlying differences between the
    different namespaces
  • Fully programmable automation object for use by
    administrators
  • Provides the ability to build or buy programs
    that give a single point of access to multiple
    directories in a network environment, whether
    those directories are based on LDAP or another
    protocol

14
The Microsoft Management Console (MMC)
  • Used to create, save, and open collections of
    administrative tools.
  • Does not provide management functions itself, but
    is the program that hosts management applications
    called snap-ins.
  • Uses snap-ins to perform one or more
    administrative tasks.
  • Preconfigured MMCs contain commonly used
    snap-ins, which appear on the Administrative
    Tools menu.
  • Custom MMCs are created to perform a unique set
    of administrative tasks.
  • Preconfigured and custom MMCs can be used for
    remote administration.

15
Preconfigured MMCs
  • Contain one or more snap-ins that provide the
    functionality to perform a related set of
    administrative tasks.
  • Function in User mode unable to modify, save, or
    add additional snap-ins.
  • Windows 2003 Server and Windows 2003 Professional
    have different preconfigured MMCs.
  • Added by Windows 2003 when additional components
    are installed.

16
Typical PreconfiguredMMCs are Available for
  • Windows 2003 Professional, Windows 2003 Server
    stand-alone server, and Windows 2003 Server
    domain controllers
  • Windows 2003 Server stand-alone server and domain
    controllers
  • Windows 2003 Server domain controllers only
  • Windows 2003 Professional and Windows 2003 Server
    stand-alone server

17
Windows 2003 Professional, Windows 2003 Server
Stand-Alone Server, and Windows 2003 Server
Domain Controllers
  • Component Services
  • Computer Management
  • Data Sources (ODBC)
  • Event Viewer
  • Performance
  • Services

18
Windows 2003 Server Stand-Alone Server and Domain
Controllers
  • Configure Your Server
  • Distributed File System
  • Internet Services Manager
  • Licensing
  • Routing and Remote Access
  • Server Extensions Administrator
  • Telnet Server Administration

19
Domain Controllers Only
  • Active Directory Domains and Trusts
  • Active Directory Sites and Services
  • Active Directory Users and Computers
  • Dynamic Host Configuration Protocol (DHCP)
  • Domain Name System (DNS)
  • Domain controller Security Policy
  • Domain Security Policy

20
Professional and Server Stand-Alone Server
  • Local Security Policy

21
Sample MMC
22
Snap-Ins and Extensions
23
Stand-Alone Snap-Ins
  • Usually referred to simply as snap-ins
  • Used to perform Windows 2003 administrative tasks
  • Provide one function or a related set of functions

24
Extension Snap-Ins
  • Referred to simply as extensions.
  • Provide additional administrative functionality
    to another snap-in.
  • Designed to work with one or more stand-alone
    snap-ins.
  • Windows 2003 displays only extensions that are
    compatible with the stand-alone snap-in and
    places them in the appropriate location.
  • When a snap-in is added to a console, MMC adds
    all available extensions by default.
  • Extensions can be added to multiple snap-ins.
  • Some stand-alone snap-ins can use extensions that
    provide additional functionality.
  • Some snap-ins can act as a snap-in or an
    extension.

25
Console OptionsAuthor Mode
  • Full access to all MMC functionality
  • Adds or removes snap-ins
  • Creates new windows
  • Views all portions of the console tree
  • Saves MMCs

26
Console Options User Mode
  • Users cannot add or remove snap-ins, or save the
    MMC.
  • Three types of user modes allow different levels
    of access and functionality
  • Full Access
  • Limited Access, Multiple Windows
  • Limited Access, Single Window

27
Using MMCs
  • Using Preconfigured MMCs
  • Using Custom MMCs
  • Using MMCs for Remote Administration
  • Practice Using Microsoft Management Console

28
Options on the MMC Console Menu
  • New Create a new custom MMC console
  • Open Use a saved MMC console
  • Save or Save As Use the MMC console later
  • Add/Remove Snap-In Add or remove one or more
    snap-ins and their associated extensions to or
    from an MMC console
  • Options Configure the console mode and create a
    custom MMC console

29
Using MMCs forRemote Administration
  • Snap-in for remote administration can be set up
    when a custom MMC is created.
  • Remote administration allows administrative tasks
    to be performed from any location.
  • The design of each snap-in dictates whether or
    not it can be used for remote administration.
  • You must use specific snap-ins designed for
    remote administration.
  • If the snap-in is available for remote
    administration, Windows 2003 prompts for the
    target computer to administer.
  • The Windows 2003 Administration Tools Setup
    Wizard is simply a means for loading
    administrative tools to a remote machine.

30
Using Task Scheduler
  • Introduction to Task Scheduler
  • Practice Using Task Scheduler

31
Scheduled Task Wizard
32
Task Scheduler
  • Scheduled tasks are saved in the Scheduled Tasks
    folder in the Control Panel folder in My Computer
    and on the Accessories, System Tools menu.
  • Access scheduled tasks on another computer by
    browsing that computers resources using My
    Network Places allows tasks to be moved from one
    computer to another.
  • Use Task Scheduler to
  • Run maintenance utilities at specific intervals.
  • Run programs when there is less demand for
    computer resources.

33
Scheduled Task Wizard Options
  • Program to run The applications to be scheduled
  • Task name A descriptive name for the task
  • Frequency How often Windows 2003 will perform
    the task
  • Time and date Start time and start date for the
    task to occur
  • Name and password User name and password
    application will run under the security settings
    for this user account
  • Advanced properties Select this check box to
    display the Advanced Properties dialog box after
    clicking Finish

34
Scheduled Task WizardAdvanced Properties
  • Task Change the scheduled task, add parameters,
    or change the user account
  • Schedule Set and display multiple schedules for
    the same task
  • Settings Set options that can delete or stop a
    task, start or stop a task based on idle or
    non-idle time, start or stop a task if a computer
    is running on batteries, and wake the computer to
    run a task
  • Security Change the list of users and groups
    that have permission to perform the task, or
    change the permissions for a specific user or
    group
Write a Comment
User Comments (0)
About PowerShow.com