basics of wsa
TRANSCRIPT
-
8/8/2019 Basics of WSA
1/26
WSA Windows Server Administration
Subject Code: CP08-05-03
Subject Name: Basics of WSA/LSA
Total Duration: 30 Hours.
-
• Active Directory directory service
An extensible and scalable directory service that uses a namespace based on the Internet standard Domain Name System (DNS).
• IntelliMirror
Change and configuration management features that support mirroring of user data and environment settings as well as central management of software installation and maintenance.
• Security Architecture
The architecture provides improvements for smart cards, public and private encryption keys, and security protocols. It also features tools for analyzing system security and for applying uniform security settings to groups of systems.
• Terminal Services
Services that allow you to remotely log on to and manage other Windows Server 2003 systems.
-
• Windows Script Host
A scripting environment for automating common administration tasks, such as creating user accounts or generating reports from event logs.
Microsoft Windows Server 2003
• Windows Server 2003, Standard Edition
Designed to provide services and resources to other systems on a network. It's a direct replacement for Windows NT 4.0 Server and Windows 2000 Server. The operating system has a rich set of features and configuration options. Windows Server 2003, Standard Edition supports up to 4 gigabytes (GB) of RAM and two CPUs.
-
• Windows Server 2003, Enterprise Edition
Extends the features provided in Windows Server 2003, Standard Edition to include support for Cluster Service, metadirectory services, and Services for Macintosh. It also supports 64-bit Intel Itanium-based computers, hot swappable RAM, and nonuniform memory access (NUMA). Enterprise servers can have up to 32 GB of RAM on x86, 64 GB of RAM on Itanium, and eight CPUs.
• Windows Server 2003, Datacenter Edition
The most robust Windows server. It has enhanced clustering features and supports very large memory configurations with up to 64 GB of RAM on x86 and 128 GB of RAM on Itanium. It has a minimum CPU requirement of 8 and can support up to 32 CPUs in all.
-
• Windows Server 2003, Web Edition
Designed to provide Web services for deploying Web sites and Web-based applications. As such, this server edition includes the Microsoft .NET Framework, Microsoft Internet Information Services (IIS), ASP.NET, and network load-balancing features but lacks many other features, including Active Directory. In fact, the only other key Windows features in this edition are the Distributed File System (DFS), Encrypting File System (EFS), and Remote Desktop for administration. Windows Server 2003, Web Edition supports up to 2 GB of RAM and two CPUs.
-
Any server can support one or more of the following server roles:
• Application server
A server that provides XML Web services, Web applications, and distributed applications. When you configure a server with this role, IIS, COM+, and the Microsoft .NET Framework are installed automatically. You also have the option of adding Microsoft FrontPage Server Extensions and enabling or disabling ASP.NET.
• DHCP server
A server that runs the Dynamic Host Configuration Protocol (DHCP) and can automatically assign Internet Protocol (IP) addresses to clients on the network. This option installs DHCP and starts the New Scope Wizard.
-
• DNS server
A server that runs DNS resolves computer names to IP addresses and vice versa. This option installs DNS and starts the DNS Server Wizard.
• Domain controller
A server that provides directory services for the domain and has a directory store. Domain controllers also manage the logon process and directory searches. This option installs DNS and Active Directory.
• File server
A server that serves and manages access to files. This option enables you to quickly configure disk quotas and indexing. You can also install the Web-based file administration utility, which installs IIS and enables Active Server Pages (ASP).
-
• Mail server (POP3, SMTP)
A server that provides basic Post Office Protocol 3 (POP3) and Simple Mail Transfer Protocol (SMTP) mail services so that POP3 mail clients can send and receive mail in the domain. Once you install this service, you define a default domain for mail exchange and then create and manage mailboxes. These basic services are best for small offices or remote locations where e-mail exchange is needed but you don't need the power and versatility of Microsoft Exchange Server.
• Print server
A server that provides and manages access to network printers, print queues, and printer drivers. This option enables you to quickly configure printers and print drivers that the server should provide.
-
• Remote access/VPN server
A server that routes network traffic and manages dial-up networking or virtual private networking (VPN). This option starts the Routing and Remote Access Setup Wizard. You can configure routing and remote access to allow outgoing connections only, incoming and outgoing connections, or no outside connections at all.
• Server cluster node
A server that operates as part of a group of servers working together called a cluster. This option starts the New Server Cluster Wizard, which allows you to create a new cluster group, or the Add Nodes Wizard, which allows you to add the server to an existing cluster. (This server role is supported by the Enterprise and Datacenter versions only.)
-
• Streaming media server
A server that provides streaming media content to other systems on the network or the Internet. This option installs Windows Media Services. (This server role is supported by the Standard and Enterprise versions only.)
• Terminal Server
A server that processes tasks for multiple client computers running in Terminal Services mode. This option installs Terminal Server. You don't need to install Terminal Server to remotely manage this server. Remote Desktop is installed automatically with the OS.
• WINS server
A server that runs Windows Internet Name Service (WINS) resolves NetBIOS names to IP addresses and vice versa. This option installs WINS.
-
Table 1-1. Quick Reference for Key Windows Server 2003 Administration Tools
Administrative Tool Purpose
-
What Is Directory Service? (Notes)
• A service that helps track and locate objects on a network
Active Directory Management
[Diagram labels: Users, Services, Workstations, Files]
-
Active Directory Domains
• Boundary of Authentication
• Boundary of Policies
• Boundary of Replication
[Diagram label: CONTOSO.COM]
-
Active Directory Trees
• CONTOSO.COM
• US.CONTOSO.COM
• OHIO.US.CONTOSO.COM
• Shared Schema
• Configuration
• Global Catalog
-
Transitive Trusts
[Diagram labels: CONTOSO.COM, US.CONTOSO.COM, UK.CONTOSO.COM]
-
What is an Organizational Unit (OU)?
• Implements a Structure inside a Domain
• Can be nested as needed
• Cannot be assigned any rights
• Typically used for Administrative Reasons
  • e.g. System Policies
[Diagram labels: LA, Admin, Sales; New York, Admin, Sales]
-
What is a Tree?
• Hierarchical Domain Structure inside a single Namespace
  • adiscon.com
  • la.adiscon.com
  • ny.adiscon.com
• Transitive Trusts created automatically
• Sub-Domain must be added to Root-Domain, otherwise there will be no tree!
[Diagram labels: Tree; adiscon.com, la.adiscon.com, ny.adiscon.com]
-
What is a Forest?
• Combination of Trees
• Disjunct Namespaces
  • adiscon.de
  • adiscon.com
• Transitive Trusts created automatically
• There is one single tree-root!
• Sub-Tree must be added to Root-Tree, otherwise no Forest will be created
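The tree and forest rules from the two slides above, as an added example that is not part of the original slides: it groups the slides' sample domains into trees by contiguous DNS namespace and lists the domains an authentication request crosses along the automatically created transitive trusts. Treating adiscon.com as the first domain installed (the forest root), and all function names, are assumptions of this example.

```python
# Added example (not from the slides). Domain names are the slides' samples;
# treating adiscon.com as the first domain installed is an assumption.
DOMAINS = ["adiscon.com", "la.adiscon.com", "ny.adiscon.com", "adiscon.de"]
FOREST_ROOT = "adiscon.com"

def dns_parent(domain, known):
    """Parent domain in the same contiguous namespace, or None for a tree root."""
    parent = domain.partition(".")[2]
    return parent if parent in known else None

def tree_root(domain, known):
    """Walk parent-child links up to the root of the domain's tree."""
    while (parent := dns_parent(domain, known)) is not None:
        domain = parent
    return domain

def trees(domains):
    """Group domains into trees: one tree per contiguous DNS namespace."""
    known = {d.lower() for d in domains}
    grouped = {}
    for d in sorted(known):
        grouped.setdefault(tree_root(d, known), []).append(d)
    return grouped

def trust_chain(domain, forest_root, known):
    """Domains reached by following automatic trusts up to the forest root."""
    chain = [domain]
    while chain[-1] != forest_root:
        # A child trusts its parent; a tree root trusts the forest root.
        chain.append(dns_parent(chain[-1], known) or forest_root)
    return chain

def trust_path(src, dst, forest_root, domains):
    """Shortest chain of transitive trusts linking src and dst."""
    known = {d.lower() for d in domains}
    up = trust_chain(src.lower(), forest_root, known)
    down = trust_chain(dst.lower(), forest_root, known)
    meet = next(d for d in up if d in down)  # first domain both chains share
    return up[: up.index(meet) + 1] + down[: down.index(meet)][::-1]

if __name__ == "__main__":
    for root, members in trees(DOMAINS).items():
        print("tree", root, "->", members)
    print(trust_path("la.adiscon.com", "ny.adiscon.com", FOREST_ROOT, DOMAINS))
    print(trust_path("la.adiscon.com", "adiscon.de", FOREST_ROOT, DOMAINS))
```

Every domain on a returned path is one whose domain controllers take part in the authentication, which is why the trust layout matters when reviewing how far a logon in one domain reaches.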
-
• The Tree-Root
  • First Domain installed
  • Single Schema
  • Absolutely vital!
[Diagram labels: Objects, OU, Domain, Tree, Forest]
-
What is a Domain-Controller?
• Stores a physical Copy of the Active Directory Database
  • Currently a single Domain per DC supported!
  • ESE95 Database (MS Exchange)
• Logon Services
  • Kerberos
  • LAN Manager Authentication
• Recommendation: always have at least 2 Domain Controllers!
-
What is a Global Catalog Server?
• Answers AD Search Queries
• Must be present to successfully log on
• Holds a copy of all Objects of the whole Forest
  • ...but holds only a subset of the Attributes
  • User definable
• Recommendation: at least one GC per (larger) Site
-
Multi Master Replication
• Updates can be applied to ANY Domain Controller
• Will be Replicated to each other Domain Controller (inside that Domain) within 15 Minutes
• Optimized Algorithm reduces Replication Traffic
• Not time based (triggered on demand, only)!
-
Intra-Sites Replication
• All Domain Databases involved
• Changes are transmitted compressed via IP (RPC) or SMTP
  • SMTP not within a single domain!
• Time Replication occurs can be configured
• Volume of Replication Traffic cannot be restricted!
  • Have an Eye on GCs!
-
Mixed vs. Native Mode?
• Mixed Mode supports Coexistence with NT4
  • Default
  • NT 4 BDCs continue to work
  • Enables Fallback Scenario during Migration
• Only Native Mode supports all AD Features
  • More than 40 MB Domain Database Size
  • Mostly problem-free MoveTree
  • Universal Groups, Group nesting
• Once you have switched to Native Mode, there is no way back to Mixed Mode!
-
What is Kerberos?
• Age-old Internet-Standard - mature
• Commonly used under Unix
• Secure Authentication thanks to Encryption
• Standard-Authentication Model under Windows 2000
• Microsoft Kerberos not fully compatible with other Kerberos Implementations
-
Groups
• Basically, like under NT 4
  • Local Groups are assigned Permissions
  • Global Groups contain Users
    • From a single Domain
  • Global Groups are members in Local Groups for Permission assignment
• New: Universal Groups
  • Can be used everywhere in every Domain (Permissions, Members)
  • Implemented via GC
  • Replication traffic limits usability