1 active directory administration tasks and tools active directory administration tasks active...
TRANSCRIPT
1
Active DirectoryAdministration Tasks And Tools
• Active Directory Administration Tasks
• Active Directory Administrative Tools
• Using Microsoft Management Consoles
• Using Task Scheduler
2
Active Directory Administrative Tasks
Microsoft Windows 2000 Active Directory Administrative Tasks
3
Administrative Categories
• Configuring Active Directory
• Administering users and groups
• Securing network resources
• Administering Active Directory
• Administering the desktop computing environment
• Securing Active Directory
• Managing Active Directory performance
• Installing Windows 2000 remotely
4
Active Directory Administrative Tools
• Active Directory Administrative Tools
• Other Active Directory Administrative Tools
• The Microsoft Management Console (MMC)
• Console Tree and Details Pane
• Snap-Ins
• Console Options
• Author Mode
5
Administrative Tools Menu
• Active Directory Domains and Trusts console
• Active Directory Sites and Services console
• Active Directory Users and Computers console
6
Active Directory Domains and Trusts Console• Assists management of trust relationships between domains
• Windows 2000 domains in the same or different forests.• Pre-Windows 2000 domains.• Kerberos V5 realms.
• Use the Active Directory Domains and Trusts console to
• Provide interoperability with other domains by managing explicit domain trusts.
• Change the mode of operation of a Windows 2000 domain from mixed mode to native mode.
• Add and remove alternative user principal name (UPN) suffixes used to create user logon names.
• Transfer the domain naming operations master role from one domain controller to another.
• Provide information about domain management.
7
Active Directory Sitesand Services Console
• Publish sites to Active Directory to provide information about the physical structure of a network.
• Active Directory uses this information to determine how to replicate directory information and handle service requests.
8
Active Directory Usersand Computers Console
• Adds, modifies, deletes, and organizes Windows 2000 user accounts, computer accounts, security and distribution groups, and published resources in the organization’s directory
• Manages domain controllers and OUs
9
Other Support Tools
• Active Directory Schema Snap-In
• Active Directory Support Tools
10
Support Tools(MMC Snap-In)
• ADSI Edit
• Used to view all objects in the directory, modify objects, and set ACLs on objects.
• SIDwalker: Security Administration Tools
• Consists of three separate programs.• SHOWACCS.EXE and SIDWALK.EXE are command-
line tools for examining and changing access control entries.
• Security Migration Editor is an MMC snap-in tool for editing mapping between old and new security IDs (SIDs).
11
Support Tools (GUI)
• LDP.EXE: Active Directory Administration Tool
• Allows LDAP operations to be performed against Active Directory
• REPLMON.EXE: Active Directory Replication Monitor
• Displays replication topology, monitors replication status, forces replication events, and recalculates knowledge consistency checker
12
Support Tools(Command Line)
• ACLDIAG.EXE: ACL Diagnostics
• DFSUTIL.EXE: Distributed File System Utility
• DNSCMD.EXE: DNS Server Troubleshooting Tool
• DSACLS.EXE: View or modify the ACL of objects in Active Directory
• DSASTAT.EXE: Active Directory Diagnostic Tool
• MOVETREE.EXE: Active Directory Object Manager
• NETDOM.EXE: Windows 2000 Domain Manager
• NLTEST.EXE: Provides information about trusts and replication
• REPADMIN.EXE: Replication Diagnostics Tool
• SDCHECCK.EXE: Security Descriptor Check Utility
13
Active Directory Service Interfaces (ADSI)
• Provides a simple, powerful, object-oriented interface to Active Directory
• Makes it easy for programmers and administrators to create programs utilizing directory services by using high-level tools without having to worry about the underlying differences between the different namespaces
• Fully programmable automation object for use by administrators
• Provides the ability to build or buy programs that give a single point of access to multiple directories in a network environment, whether those directories are based on LDAP or another protocol
14
The Microsoft Management Console (MMC)
• Used to create, save, and open collections of administrative tools.
• Does not provide management functions itself, but is the program that hosts management applications called snap-ins.
• Uses snap-ins to perform one or more administrative tasks.
• Preconfigured MMCs contain commonly used snap-ins, which appear on the Administrative Tools menu.
• Custom MMCs are created to perform a unique set of administrative tasks.
• Preconfigured and custom MMCs can be used for remote administration.
15
Preconfigured MMCs
• Contain one or more snap-ins that provide the functionality to perform a related set of administrative tasks.
• Function in User mode; unable to modify, save, or add additional snap-ins.
• Windows 2000 Server and Windows 2000 Professional have different preconfigured MMCs.
• Added by Windows 2000 when additional components are installed.
16
Typical PreconfiguredMMCs are Available for
• Windows 2000 Professional, Windows 2000 Server stand-alone server, and Windows 2000 Server domain controllers
• Windows 2000 Server stand-alone server and domain controllers
• Windows 2000 Server domain controllers only
• Windows 2000 Professional and Windows 2000 Server stand-alone server
17
Windows 2000 Professional, Windows 2000 Server Stand-Alone Server, and Windows 2000 Server Domain Controllers
• Component Services
• Computer Management
• Data Sources (ODBC)
• Event Viewer
• Performance
• Services
18
Windows 2000 Server Stand-Alone Server and Domain Controllers
• Configure Your Server
• Distributed File System
• Internet Services Manager
• Licensing
• Routing and Remote Access
• Server Extensions Administrator
• Telnet Server Administration
19
Domain Controllers Only
• Active Directory Domains and Trusts
• Active Directory Sites and Services
• Active Directory Users and Computers
• Dynamic Host Configuration Protocol (DHCP)
• Domain Name System (DNS)
• Domain controller Security Policy
• Domain Security Policy
20
Professional and Server Stand-Alone Server
Local Security Policy
21
Sample MMC
22
Snap-Ins and Extensions
23
Stand-Alone Snap-Ins
• Usually referred to simply as snap-ins
• Used to perform Windows 2000 administrative tasks
• Provide one function or a related set of functions
24
Extension Snap-Ins• Referred to simply as extensions.
• Provide additional administrative functionality to another snap-in.
• Designed to work with one or more stand-alone snap-ins.
• Windows 2000 displays only extensions that are compatible with the stand-alone snap-in and places them in the appropriate location.
• When a snap-in is added to a console, MMC adds all available extensions by default.
• Extensions can be added to multiple snap-ins.
• Some stand-alone snap-ins can use extensions that provide additional functionality.
• Some snap-ins can act as a snap-in or an extension.
25
Console OptionsAuthor Mode
• Full access to all MMC functionality
• Adds or removes snap-ins
• Creates new windows
• Views all portions of the console tree
• Saves MMCs
26
Console Options User Mode
• Users cannot add or remove snap-ins, or save the MMC.
• Three types of user modes allow different levels of access and functionality:
• Full Access• Limited Access, Multiple Windows• Limited Access, Single Window
27
Using MMCs
• Using Preconfigured MMCs
• Using Custom MMCs
• Using MMCs for Remote Administration
• Practice: Using Microsoft Management Console
28
Options on the MMC Console Menu
• New: Create a new custom MMC console
• Open: Use a saved MMC console
• Save or Save As: Use the MMC console later
• Add/Remove Snap-In: Add or remove one or more snap-ins and their associated extensions to or from an MMC console
• Options: Configure the console mode and create a custom MMC console
29
Using MMCs forRemote Administration• Snap-in for remote administration can be set up when a
custom MMC is created.
• Remote administration allows administrative tasks to be performed from any location.
• The design of each snap-in dictates whether or not it can be used for remote administration.
• You must use specific snap-ins designed for remote administration.
• If the snap-in is available for remote administration, Windows 2000 prompts for the target computer to administer.
• The Windows 2000 Administration Tools Setup Wizard is simply a means for loading administrative tools to a remote machine.
30
Using Task Scheduler
• Introduction to Task Scheduler
• Practice: Using Task Scheduler
31
Scheduled Task Wizard
32
Task Scheduler
• Scheduled tasks are saved in the Scheduled Tasks folder in the Control Panel folder in My Computer and on the Accessories, System Tools menu.
• Access scheduled tasks on another computer by browsing that computer’s resources using My Network Places; allows tasks to be moved from one computer to another.
• Use Task Scheduler to
• Run maintenance utilities at specific intervals.• Run programs when there is less demand for
computer resources.
33
Scheduled Task Wizard Options
• Program to run: The applications to be scheduled
• Task name: A descriptive name for the task
• Frequency: How often Windows 2000 will perform the task
• Time and date: Start time and start date for the task to occur
• Name and password: User name and password; application will run under the security settings for this user account
• Advanced properties: Select this check box to display the Advanced Properties dialog box after clicking Finish
34
Scheduled Task WizardAdvanced Properties
• Task: Change the scheduled task, add parameters, or change the user account
• Schedule: Set and display multiple schedules for the same task
• Settings: Set options that can delete or stop a task, start or stop a task based on idle or non-idle time, start or stop a task if a computer is running on batteries, and wake the computer to run a task
• Security: Change the list of users and groups that have permission to perform the task, or change the permissions for a specific user or group