basics of wsa

8/8/2019 Basics of WSA

1/26

WSA Windows Server Administration

Subject Code: CP08-05-03Subject Name: Basics of WSA/LSATotal Duration: 30 Hours.


2/26

yActive Directory directory service

IntelliMirror

Security Architecture

Terminal Services

An extensible and scalable directory service that uses a namespace based on

the Internet standard Domain Name System (DNS).

Change and configuration management features that support mirroring ofuser data and environment settings as well as central management of

software installation and maintenance.

The architecture provides improvements for smart cards, public and privateencryption keys, and security protocols. It also features tools for analyzing

system security and for applying uniform security settings to groups ofsystems.

Services that allow you to remotely log on to and manage other Windows Se2003 systems.


3/26

Windows ScriptHost

A scripting environment for automating common administration tasks, such as

creating user accounts or generating reports from event logs.

Microsoft Windows Server 2003

yWindows Server 2003, Standard Edition

Designed to provide services and resources to other systems on a network.It's a direct replacement for Windows NT 4.0 Server and Windows 2000

Server. The operating system has a rich set of features and configurationoptions. Windows Server 2003, Standard Edition supports up to 4 gigabytes(GB) of RAM and two CPUs.


4/26

yWindows Server 2003, Enterprise Edition

Extends the features provided in Windows Server 2003, Standard Editionto include support for Cluster Service, metadirectory services, and Servicesfor Macintosh. It also supports 64-bit Intel Itanium-based computers, hotswappable RAM, and nonuniform memory access (NUMA). Enterpriseservers can have up to 32 GB of RAM on x86, 64 GB of RAM on Itanium,and eight CPUs.

yWindows Server 2003, Datacenter Edition

The most robust Windows server. It has enhanced clustering features and

supports very large memory configurations with up to 64 GB of RAM on x86and 128 GB of RAM on Itanium. It has a minimum CPU requirement of 8 andcan support up 32 CPUs in all.


5/26

yWindows Server 2003, Web Edition

Designed to provide Web services for deploying Web sites and Web-based

applications. As such, this server edition includes the Microsoft .NETFramework, Microsoft Internet Information Services (IIS), ASP.NET, andnetwork load-balancing features but lacks many other features, including

Active Directory.In fact, the only other key Windows features in this edition are the

Distributed File System (DFS), Encrypting File System (EFS), andRemote Desktop for administration. Windows Server 2003, Web Editionsupports up to 2 GB of RAM and two CPUs.


6/26

Any server can support one or more of the following server roles:

y

Application serverA server that provides XML Web services, Web applications, and distributedapplications. When you configure a server with this role, IIS, COM+, and theMicrosoft .NET Framework are installed automatically. You also have theoption of adding Microsoft FrontPage Server Extensions and enabling or

disabling ASP.NET.

yDHCP server

A server that runs the Dynamic Host Configuration Protocol (DHCP) and canautomatically assign Internet Protocol (IP) addresses to clients on the

network. This option installs DHCP and starts the New Scope Wizard.


7/26

yDNS server

A server that runs DNS resolves computer names to IP addresses and viceversa. This option installs DNS and starts the DNS Server Wizard.

yDomain controller

A server that provides directory services for the domain and has a directorystore. Domain controllers also manage the logon process and directorysearches. This option installs DNS and Active Directory.

yFile server

A server that serves and manages access to files. This option enables you toquickly configure disk quotas and indexing. You can also install theWeb-based file administration utility, which installs IIS and enables

Active Server Pages (ASP).


8/26

yMail server (POP3, SMTP)A server that provides basic Post Office Protocol 3 (POP3) and Simple MailTransfer Protocol (SMTP) mail services so that POP3 mail clients can send andreceive mail in the domain. Once you install this service, you define a defaultdomain for mail exchange and then create and manage mailboxes. Thesebasic services are best for small offices or remote locations where e-mailexchange is needed but you don't need the power and versatility of MicrosoftExchange Server.

yPrint server

A server that provides and manages access to network printers, print queues,and printer drivers. This option enables you to quickly configure printers andprint drivers that the server should provide.


9/26

yRemote access/VPN server

A server that routes network traffic and manages dial-up networking or virtualprivate networking (VPN). This option starts the Routing and Remote AccessSetup Wizard. You can configure routing and remote access to allow outgoingconnections only, incoming and outgoing connections, or no outside connectionsat all.

Server cluster node

A server that operates as part of a group of servers working together called acluster. This option starts the New Server Cluster Wizard, which allows you tocreate a new cluster group, or the Add Nodes Wizard, which allows you to addthe server to an existing cluster. (This server role is supported by theEnterprise and Datacenter versions only.)


10/26

yStreaming media server

A server that provides streaming media content to other systems on the

network or the Internet. This option installs Windows Media Services. (Thisserver role is supported by the Standard and Enterprise versions only.)

yTerminal ServerA server that processes tasks for multiple client computers running in terminalServices mode. This option installs Terminal Server. You don't need to installTerminal Server to remotely manage this server. Remote Desktop is installedautomatically with the OS.

WINS server

A server that runs Windows Internet Name Service (WINS) resolves NetBIOSnames to IP addresses and vice versa. This option installs WINS.


11/26

Table 1-1. Quick Reference

for Key Windows Server

2003 Administration Tools

Administrative Tool Purpose


12/26

What Is Directory Service? (Notes)What Is Directory Service? (Notes)

A service that helps track and locate objects on anetwork

A service that helps track and locate objects on anetwork

Active Directory Management

UsersServicesWorkstations Files


13/26

Active Directory DomainsActive Directory Domains

Boundary ofAuthentication

Boundary of

Policies

Boundary of Replication

CONTOSO.COM


14/26

Active Directory TreesActive Directory Trees

CONTOSO.COM

US.CONTOSO.COM

SharedSchema

Configuration

Global Catalog

OHIO.US.CONTOSO.COM


15/26

Transitive TrustsTransitive Trusts

CONTOSO.COM

US.CONTOSO.COM

UK.CONTOSO.COM


16/26

What is an Organizational UnitWhat is an Organizational Unit

(OU)?(OU)?Implements a Structure inside a DomainImplements a Structure inside a DomainCan be nested as neededCan be nested as needed

CanCan notnot be assigned any rightsbe assigned any rightsTypically used for Administrative ReasonsTypically used for Administrative Reasons

e.g. System Policiese.g. System Policies

LA

Admin

New York

SalesAdmin Sales


17/26

What is a Tree?What is a Tree?

Hierarchical Domain Structure inside aHierarchical Domain Structure inside asingle Namespacesingle Namespace

adiscon.comadiscon.com

la.adiscon.comla.adiscon.com

ny.adiscon.comny.adiscon.com

Transitive Trusts created automaticallyTransitive Trusts created automatically

SubSub--Domain must be added to RootDomain must be added to Root--DomainDomain otherwise there will be no tree!otherwise there will be no tree!

la.adiscon.com

adiscon.com

ny.adiscon.com

Tree


18/26

What is a Forest?What is a Forest?

Combination of TreesCombination of Trees

Disjunct NamespacesDisjunct Namespaces

adiscon.deadiscon.de

adiscon.comadiscon.com

Transitive Trusts created automaticallyTransitive Trusts created automatically

There is one single treeThere is one single tree--root!root!

SubSub--Tree must be added to RootTree must be added to Root--Tree,Tree,otherwise no Forest will be createdotherwise no Forest will be created


19/26

Domain

The TreeThe Tree--RootRoot

First Domain installedFirst Domain installed

Single SchemaSingle Schema

Absolutely vital!Absolutely vital!

OU

DomainOUOU

Objects

D

omain

Tree

Domain

Domain

Domain

Tree

Forest


20/26

What is a DomainWhat is a Domain--Controller?Controller?

Stores a physical Copy of the ActiveStores a physical Copy of the ActiveDirectory DatabaseDirectory Database Currently a single Domain per DC supported!Currently a single Domain per DC supported! ESE95 Database (MS Exchange)ESE95 Database (MS Exchange)

Logon ServicesLogon Services KerberosKerberos LAN Manager AuthenticationLAN Manager Authentication

Recommendation: always have at least 2Recommendation: always have at least 2Domain Controllers!Domain Controllers!


21/26

What is a Global CatalogWhat is a Global Catalog

Server?Server?Answers AD Search QueriesAnswers AD Search QueriesMust be present to successfully logonMust be present to successfully logon

Holds a copy of all Objects of the wholeHolds a copy of all Objects of the wholeForestForest

...but holds only a subset of the Attributes...but holds only a subset of the Attributes

User definableUser definable

Recommendation: at least one GC perRecommendation: at least one GC per(larger) Site(larger) Site


22/26

Multi Master ReplicationMulti Master Replication

Updates can be applied to ANY DomainUpdates can be applied to ANY DomainControllerController

Will be Replicated to each other DomainWill be Replicated to each other Domain

Controls (inside that Domain) within 15Controls (inside that Domain) within 15MinutesMinutes

Optimized Algorithm reduces ReplicationOptimized Algorithm reduces Replication

TrafficTrafficNotNot time based (triggered on demand,time based (triggered on demand,

only)!only)!


23/26

IntraIntra--Sites ReplicationSites Replication

All Domain Databases involvedAll Domain Databases involved

Changes are transmitted compressedChanges are transmitted compressed

via IP (RPC) or SMTPvia IP (RPC) or SMTP

SMTP not within a single domain!SMTP not within a single domain!

Time Replication occurs can be configuredTime Replication occurs can be configured

Volume of Replication Traffic can not beVolume of Replication Traffic can not berestricted!restricted!

Have an Eye on GCs!Have an Eye on GCs!


24/26

Mixed vs. Native Mode?Mixed vs. Native Mode?

Mixed Mode supports Coexistence with NT4Mixed Mode supports Coexistence with NT4

DefaultDefault

NT 4 BDCs continue to workNT 4 BDCs continue to work

Enables Fallback Scenario during MigrationEnables Fallback Scenario during Migration

Only Native Mode supports all AD FeaturesOnly Native Mode supports all AD Features

More than 40 MB Domain Database SizeMore than 40 MB Domain Database Size

Mostly problemMostly problem--free MoveTreefree MoveTree

Universal Groups, Group nestingUniversal Groups, Group nesting

Once you have switched to Native Mode, thereOnce you have switched to Native Mode, thereis no way back to Mixed Mode!is no way back to Mixed Mode!


25/26

What is Kerberos?What is Kerberos?

ageage--old Internetold Internet--StandardStandard -- maturemature

Commonly used under UnixCommonly used under Unix

Secure Authentication thanks toSecure Authentication thanks toEncryptionEncryption

StandardStandard--Authentication Model underAuthentication Model underWindows 2000Windows 2000

MicrosoftKerberos not fully compatible toMicrosoftKerberos not fully compatible toother Kerberos Implementationsother Kerberos Implementations


26/26

GroupsGroups

Basically, like under NT 4Basically, like under NT 4

Local Groups are assigned PermissionsLocal Groups are assigned Permissions

Global Groups contain UsersGlobal Groups contain Users From a single DomainFrom a single Domain

Global Groups are members in Local Groups for PermissionGlobal Groups are members in Local Groups for Permissionassignmentassignment

New: Universal GroupsNew: Universal Groups

Can be used everywhere in every DomainCan be used everywhere in every Domain(Permissions, Members)(Permissions, Members)

Implemented via GCImplemented via GC

Replication traffic limits usabilityReplication traffic limits usability

basics of wsa

Documents