Title: Windows Server 2003 Network Administration
1. Chapter 1
- Windows Server 2003 Network Administration
2. Objectives
- List the various tasks of a Windows Server 2003 Network administrator
- Understand general troubleshooting techniques
- Ease network management with the help of various Windows Server 2003 Administration Tools
- Explain Windows Server 2003 Active Directory concepts
3. Network Administration Overview
- Some of the tasks of a Windows Server 2003 Network administrator
  - Installing and maintaining the operating system
  - Administering Active Directory
  - Administering file and print resources
  - Administering Internet resources
  - Administering the network infrastructure
  - Monitoring and troubleshooting Windows Server 2003
  - Administering Routing and Remote Access Services (RRAS)
4. Installing and Maintaining the Operating System
- Tasks related to the operating system
  - Install the client workstation operating systems
  - Install and configure the server environment
  - Troubleshoot and resolve installation problems
  - Install and manage the required service packs and hot fixes
5. Administering Active Directory
- Involves
  - Creating and modifying user objects
  - Creating and modifying computer objects
  - Creating and modifying group objects
  - Managing Active Directory container and object permissions
  - Creating and troubleshooting Group Policy objects
- Group Policy: a Windows Server 2003 feature that enables you to create policies that affect domain users and computers
6. Administering File and Print Resources
- Tasks included in administering file and print resources
  - Troubleshooting user access to files and printers
  - Planning and maintaining the most efficient and secure way for users to work with file and print resources
7. Administering Internet Resources
- Internet administration
  - Needed because of B2B and B2C online commerce opportunities
  - Requires mastery of the configuration options within the Windows Server 2003 IIS, including
    - Providing secure access to Internet-accessible resources
    - Troubleshooting client connectivity problems
8. Administering the Network Infrastructure
- Administering the network infrastructure requires maintaining and troubleshooting network services, protocols, and hardware
- TCP/IP protocol
  - Used by Windows Server 2003 for network communications throughout the infrastructure and the Internet
- Domain Name System (DNS) service
  - Provides name resolution and network service location capabilities
9. Administering the Network Infrastructure (Continued)
- Routers
- Dynamic Host Configuration Protocol (DHCP) servers
- WINS servers
10. Monitoring and Troubleshooting Windows Server 2003
- Maintenance
  - Monitoring server health
  - Monitoring system performance
- Maintenance tools
  - System Monitor
  - Event Viewer
- Troubleshooting tools
  - Recovery Console
  - Safe Mode
11. Administering Routing and Remote Access Services
- Windows Server 2003 Routing and Remote Access Services (RRAS)
  - Access to the company network using dial-up modems
  - Virtual private networking (VPN)
  - Internet connection sharing (ICS)
  - Network address translation (NAT)
  - A basic firewall
- Remote Desktop for Administration
  - Enables administrators to network servers remotely
12. Network Administration Procedures
- Possible reasons for network problems
  - Hardware failures
  - Security or virus attacks
  - File corruption
13. Network Troubleshooting Process
- A systematic approach to troubleshooting helps
  - Define the exact problem
  - Quickly solve the problem
- Steps of a successful troubleshooting process
  - Define the problem
  - Gather detailed information about what has changed
  - Devise a plan to solve the problem
  - Implement the plan and observe the results
  - Document all changes and results
14. Windows Server 2003 Management Tools
- Features and utilities that assist in daily management tasks
  - The Microsoft Management Console (MMC)
  - The secondary logon feature
  - The Task Scheduler
  - The netdiag command
  - The Shutdown Event Tracker
    - Logs each time a server is shut down or restarted
15. Windows Server 2003 Management Tools (Continued)
- The Microsoft Management Console
  - A customizable management framework that can host a number of management tools
  - Saved as a Management Saved Console (MSC) file with the .msc extension
- Snap-ins
  - Management tools that are added to the MMC
  - Can be obtained from Microsoft or third-party companies
16. An Empty MMC
17. Add/Remove Snap-in dialog box
18. Customized MMC
19. Windows Server 2003 Management Tools (Continued)
- Taskpad view
  - Simplifies administrative procedures
  - Provides a graphical representation of the tasks that can be performed in an MMC
20. Taskpad view of the Services snap-in
21. The Secondary Logon Feature
- Network administrators should keep two accounts
  - One for network management
  - One for nonadministrative tasks
- The secondary logon feature allows the administrator to
  - Log on with the regular user account, then
  - Open administrative tools as an administrator
- Administrator account
  - A command prompt can be used to start applications
22. Run As dialog box
23. Additional Administrator Utilities
- Several additional utilities are available with Windows Server 2003 or the Windows Server 2003 Resource Kit
- Examples
  - Windows Server 2003 Task Scheduler
  - netdiag
  - net command
24. Introduction to Windows Server 2003 Active Directory
- Active Directory
  - A directory service database
- Services and features
  - Central point for storing, organizing, managing, and controlling network objects
  - Single point of administration of objects and Active Directory-published resources
  - Logon and authentication services for users
  - Delegation of administration
25. Introduction to Windows Server 2003 Active Directory
- The Active Directory database
  - Can be stored on any Windows Server 2003 server promoted to domain controller
- Multi-master replication
  - Each domain controller throughout the network has a writeable copy of directory database
  - Provides a form of fault-tolerance
- Active Directory
  - Uses DNS to
    - Maintain domain-naming structures
    - Locate network resources
26. Active Directory Objects
- An object
  - Represents network resources, such as
    - Users
    - Groups
    - Computers
    - Printers
  - Possesses attributes that provide information about the object
- Active Directory stores a variety of objects within the database
27. The Active Directory Schema
- Active Directory schema
  - Defines objects and attributes for entire Active Directory structure
  - Consists of two main definitions
    - Object classes
    - Attributes
  - Stored in the Active Directory database
  - Replicated among all domain controllers within the network
28. Active Directory Components
- Logical components of the Active Directory
  - Provide a way to design and administer the hierarchical, logical structure of the network
  - Include
    - Domains and organizational units
    - Trees and forests
    - A global catalog
29. Active Directory Components (Continued)
- Windows Server 2003 domain
  - Logically structured organization of objects that
    - Are part of a network, and
    - Share a common directory database
- Each domain
  - Has a unique name
  - Is organized in levels
  - Is administered as a unit with common rules and procedures
  - Is defined by an IP address on the Internet
30. Active Directory Components (Continued)
- Domains provide the ability to
  - Configure unique security settings
  - Decentralize administration
  - Control replication traffic
- An organizational unit (OU)
  - A logical container used to organize objects within a single domain
31. Active Directory Components (Continued)
- Benefits of using OUs
  - Easier to locate and manage the Active Directory objects
  - Define more advanced features by applying Group Policy to an OU
  - Delegate administrative control over OUs
32. An Active Directory Domain and OU structure
33. Active Directory Components (Continued)
- Trees and forests
  - Forest root domain
    - First Active Directory domain created in an organization
  - Tree
    - Hierarchical collection of domains that share a contiguous DNS namespace
34. Active Directory Components (Continued)
- Whenever a child domain is created, a two-way, transitive trust relationship is automatically created between the child and parent domains
- Transitive trust
  - All other trusted domains implicitly trust one another
35. The Dovercorp.net domain tree
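
The transitive trust described on the preceding slide can be audited by walking the parent-child links of a domain tree. The Python below is an added example, not part of the original slides: it lists the domain pairs that trust each other only implicitly and shows the chain of direct trusts between two domains. Only the dovercorp.net root name comes from the slides; the child domain names and all function names are hypothetical.

```python
# Added example: domain pairs joined only by implicit (transitive) trust.
from collections import deque
from itertools import combinations

# Constructed tree: child -> parent. Only dovercorp.net comes from the slides;
# the child domain names are hypothetical.
PARENT_OF = {
    "europe.dovercorp.net": "dovercorp.net",
    "asia.dovercorp.net": "dovercorp.net",
    "sales.europe.dovercorp.net": "europe.dovercorp.net",
}

def direct_trusts(parent_of):
    """Two-way trust created automatically for each child/parent pair."""
    links = {}
    for child, parent in parent_of.items():
        links.setdefault(child, set()).add(parent)
        links.setdefault(parent, set()).add(child)
    return links

def trust_path(src, dst, parent_of):
    """Chain of direct trusts linking src to dst, or None if there is none."""
    links = direct_trusts(parent_of)
    came_from, queue = {src: None}, deque([src])
    while queue:
        cur = queue.popleft()
        if cur == dst:
            path = []
            while cur is not None:
                path.append(cur)
                cur = came_from[cur]
            return path[::-1]
        for nxt in sorted(links.get(cur, ())):
            if nxt not in came_from:
                came_from[nxt] = cur
                queue.append(nxt)
    return None

def implicit_trusts(parent_of):
    """Pairs that trust each other although no trust links them directly."""
    links = direct_trusts(parent_of)
    return [(a, b) for a, b in combinations(sorted(links), 2)
            if b not in links[a] and trust_path(a, b, parent_of)]
```

With three parent-child trusts in the constructed tree, three further domain pairs end up trusting each other without any trust having been created between them, which is the set to review when a new child domain is added.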
36. Active Directory Components (Continued)
- Forest
  - Collection of trees that do not share a contiguous DNS naming structure
  - The trees in a forest share a single Active Directory schema
- Enterprise Admins
  - Special user group
  - Allows members to manage objects throughout the entire forest
37. Example of an Active Directory forest
38. Active Directory Components (Continued)
- Global catalog
  - Index and partial replica of the objects and attributes most frequently used throughout the entire Active Directory structure
  - Replicated to any server within the forest that is configured to be a global catalog server
  - The first domain controller in Active Directory automatically becomes a global catalog server
  - Additional domain controllers can also be configured to be global catalog servers
39. Active Directory Communication Standards
- DNS naming standard
  - Used by Active Directory for
    - IP name resolution
    - Providing information on the location of network services and resources
- Lightweight Directory Access Protocol (LDAP)
  - Used to query or update the Active Directory database directly
40. Active Directory Communication Standards (Continued)
- LDAP naming paths
  - Used when referring to objects stored within the Active Directory
  - Main components
    - Distinguished name
    - Relative distinguished name
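
To make the two LDAP naming components concrete, the Python below splits a distinguished name into its relative distinguished names and derives the DNS domain from the DC components. It is an added example, not part of the original slides. The sample DN (a user in a Sales OU under Dovercorp.net) is constructed, the function names are hypothetical, and multi-valued RDNs joined with "+" are not handled.

```python
# Added example: split an LDAP distinguished name (DN) into its RDNs.
HEX = "0123456789abcdefABCDEF"

def _unescape(value):
    """Undo backslash escapes: '\\,' becomes ',' and '\\2C' becomes ','."""
    out, i = bytearray(), 0
    while i < len(value):
        if value[i] == "\\" and i + 1 < len(value):
            pair = value[i + 1:i + 3]
            if len(pair) == 2 and pair[0] in HEX and pair[1] in HEX:
                out.append(int(pair, 16))       # hex-escaped byte
                i += 3
            else:
                out += value[i + 1].encode()    # escaped literal character
                i += 2
        else:
            out += value[i].encode()
            i += 1
    return out.decode("utf-8")

def parse_dn(dn):
    """Return the DN as a list of (attribute, value) RDNs, leftmost first."""
    parts, buf, i = [], "", 0
    while i < len(dn):
        step = 2 if dn[i] == "\\" and i + 1 < len(dn) else 1
        if step == 1 and dn[i] == ",":          # unescaped comma ends an RDN
            parts.append(buf)
            buf = ""
        else:
            buf += dn[i:i + step]               # escape pairs stay together
        i += step
    parts.append(buf)
    rdns = []
    for part in parts:
        attr, sep, value = part.lstrip().partition("=")
        if not sep or not attr.strip() or not value:
            raise ValueError("malformed RDN: %r" % part)
        rdns.append((attr.strip().upper(), _unescape(value)))
    return rdns

def relative_dn(dn):
    """The RDN is the leftmost component: the object's name in its container."""
    return parse_dn(dn)[0]

def dns_domain(dn):
    """Join the DC components into the DNS name of the object's domain."""
    return ".".join(v for a, v in parse_dn(dn) if a == "DC")

SAMPLE = r"CN=Smith\, John,OU=Sales,DC=Dovercorp,DC=net"  # constructed DN
```

Splitting the same DN on every comma would cut the escaped "Smith\, John" value in two, so scripts that compare or build DNs for permission or delegation checks should parse them rather than split strings.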
41. Active Directory Physical Structure
- Relates to the actual connectivity of the physical network
- Aims regarding replication
  - Make sure that any modification to the Active Directory database is replicated as quickly as possible between domain controllers
  - Make sure that replication does not saturate the available network bandwidth
42. Active Directory Physical Structure (Continued)
- Sites and site links can be configured to control
  - Active Directory replication traffic
  - Network logon traffic
- Active Directory site
  - Combination of one or more Internet Protocol (IP) subnets connected by a high-speed connection
43. Active Directory Physical Structure (Continued)
- A site link
  - A configurable object that represents a low-bandwidth or unreliable/occasional connection between sites
  - Can be adjusted for
    - Replication availability
    - Bandwidth costs
    - Replication frequency
44. The site structure of Dovercorp.net
45. Summary
- Tasks of a network administrator include
  - Software installation
  - Active Directory (AD) administration
  - File and print administration
  - Internet and remote access administration
  - Network performance monitoring
  - Troubleshooting
- Network administrator needs to follow a systematic approach to troubleshooting network problems
46. Summary (Continued)
- Some tools that a network administrator can use to help with routine network management include
  - The Microsoft Management Console (MMC)
  - The secondary logon service
  - Command-line utilities, such as netdiag.exe and the net command
- Active Directory is a directory service database provided with Windows Server 2003 Operating Systems
47. Summary (Continued)
- Logical components of an Active Directory structure
  - Domains and organizational units
  - Trees and forests
  - Global catalog
- Active Directory uses the DNS naming standard for
  - IP name resolution
  - Providing information on the location of network services
- Active Directory replication traffic and network logon traffic can be controlled by configuring sites and site links