1 Active Directory Administration Tasks And Tools Active Directory Administration Tasks Active Directory Administrative Tools Using Microsoft Management.

1

Active DirectoryAdministration Tasks And Tools

• Active Directory Administration Tasks

• Active Directory Administrative Tools

• Using Microsoft Management Consoles

• Using Task Scheduler

2

Active Directory Administrative Tasks

Microsoft Windows 2000 Active Directory Administrative Tasks

3

Administrative Categories

• Configuring Active Directory

• Administering users and groups

• Securing network resources

• Administering Active Directory

• Administering the desktop computing environment

• Securing Active Directory

• Managing Active Directory performance

• Installing Windows 2000 remotely

4

Active Directory Administrative Tools

• Active Directory Administrative Tools

• Other Active Directory Administrative Tools

• The Microsoft Management Console (MMC)

• Console Tree and Details Pane

• Snap-Ins

• Console Options

• Author Mode

5

Administrative Tools Menu

• Active Directory Domains and Trusts console

• Active Directory Sites and Services console

• Active Directory Users and Computers console

6

Active Directory Domains and Trusts Console• Assists management of trust relationships between domains

• Windows 2000 domains in the same or different forests.• Pre-Windows 2000 domains.• Kerberos V5 realms.

• Use the Active Directory Domains and Trusts console to

• Provide interoperability with other domains by managing explicit domain trusts.

• Change the mode of operation of a Windows 2000 domain from mixed mode to native mode.

• Add and remove alternative user principal name (UPN) suffixes used to create user logon names.

• Transfer the domain naming operations master role from one domain controller to another.

• Provide information about domain management.

7

Active Directory Sitesand Services Console

• Publish sites to Active Directory to provide information about the physical structure of a network.

• Active Directory uses this information to determine how to replicate directory information and handle service requests.

8

Active Directory Usersand Computers Console

• Adds, modifies, deletes, and organizes Windows 2000 user accounts, computer accounts, security and distribution groups, and published resources in the organization’s directory

• Manages domain controllers and OUs

9

Other Support Tools

• Active Directory Schema Snap-In

• Active Directory Support Tools

10

Support Tools(MMC Snap-In)

• ADSI Edit

• Used to view all objects in the directory, modify objects, and set ACLs on objects.

• SIDwalker: Security Administration Tools

• Consists of three separate programs.• SHOWACCS.EXE and SIDWALK.EXE are command-

line tools for examining and changing access control entries.

• Security Migration Editor is an MMC snap-in tool for editing mapping between old and new security IDs (SIDs).

11

Support Tools (GUI)

• LDP.EXE: Active Directory Administration Tool

• Allows LDAP operations to be performed against Active Directory

• REPLMON.EXE: Active Directory Replication Monitor

• Displays replication topology, monitors replication status, forces replication events, and recalculates knowledge consistency checker

12

Support Tools(Command Line)

• ACLDIAG.EXE: ACL Diagnostics

• DFSUTIL.EXE: Distributed File System Utility

• DNSCMD.EXE: DNS Server Troubleshooting Tool

• DSACLS.EXE: View or modify the ACL of objects in Active Directory

• DSASTAT.EXE: Active Directory Diagnostic Tool

• MOVETREE.EXE: Active Directory Object Manager

• NETDOM.EXE: Windows 2000 Domain Manager

• NLTEST.EXE: Provides information about trusts and replication

• REPADMIN.EXE: Replication Diagnostics Tool

• SDCHECCK.EXE: Security Descriptor Check Utility

13

Active Directory Service Interfaces (ADSI)

• Provides a simple, powerful, object-oriented interface to Active Directory

• Makes it easy for programmers and administrators to create programs utilizing directory services by using high-level tools without having to worry about the underlying differences between the different namespaces

• Fully programmable automation object for use by administrators

• Provides the ability to build or buy programs that give a single point of access to multiple directories in a network environment, whether those directories are based on LDAP or another protocol

14

The Microsoft Management Console (MMC)

• Used to create, save, and open collections of administrative tools.

• Does not provide management functions itself, but is the program that hosts management applications called snap-ins.

• Uses snap-ins to perform one or more administrative tasks.

• Preconfigured MMCs contain commonly used snap-ins, which appear on the Administrative Tools menu.

• Custom MMCs are created to perform a unique set of administrative tasks.

• Preconfigured and custom MMCs can be used for remote administration.

15

Preconfigured MMCs

• Contain one or more snap-ins that provide the functionality to perform a related set of administrative tasks.

• Function in User mode; unable to modify, save, or add additional snap-ins.

• Windows 2000 Server and Windows 2000 Professional have different preconfigured MMCs.

• Added by Windows 2000 when additional components are installed.

16

Typical PreconfiguredMMCs are Available for

• Windows 2000 Professional, Windows 2000 Server stand-alone server, and Windows 2000 Server domain controllers

• Windows 2000 Server stand-alone server and domain controllers

• Windows 2000 Server domain controllers only

• Windows 2000 Professional and Windows 2000 Server stand-alone server

17

Windows 2000 Professional, Windows 2000 Server Stand-Alone Server, and Windows 2000 Server Domain Controllers

• Component Services

• Computer Management

• Data Sources (ODBC)

• Event Viewer

• Performance

• Services

18

Windows 2000 Server Stand-Alone Server and Domain Controllers

• Configure Your Server

• Distributed File System

• Internet Services Manager

• Licensing

• Routing and Remote Access

• Server Extensions Administrator

• Telnet Server Administration

19

Domain Controllers Only

• Active Directory Domains and Trusts

• Active Directory Sites and Services

• Active Directory Users and Computers

• Dynamic Host Configuration Protocol (DHCP)

• Domain Name System (DNS)

• Domain controller Security Policy

• Domain Security Policy

20

Professional and Server Stand-Alone Server

Local Security Policy

21

Sample MMC

22

Snap-Ins and Extensions

23

Stand-Alone Snap-Ins

• Usually referred to simply as snap-ins

• Used to perform Windows 2000 administrative tasks

• Provide one function or a related set of functions

24

Extension Snap-Ins• Referred to simply as extensions.

• Provide additional administrative functionality to another snap-in.

• Designed to work with one or more stand-alone snap-ins.

• Windows 2000 displays only extensions that are compatible with the stand-alone snap-in and places them in the appropriate location.

• When a snap-in is added to a console, MMC adds all available extensions by default.

• Extensions can be added to multiple snap-ins.

• Some stand-alone snap-ins can use extensions that provide additional functionality.

• Some snap-ins can act as a snap-in or an extension.

25

Console OptionsAuthor Mode

• Full access to all MMC functionality

• Adds or removes snap-ins

• Creates new windows

• Views all portions of the console tree

• Saves MMCs

26

Console Options User Mode

• Users cannot add or remove snap-ins, or save the MMC.

• Three types of user modes allow different levels of access and functionality:

• Full Access• Limited Access, Multiple Windows• Limited Access, Single Window

27

Using MMCs

• Using Preconfigured MMCs

• Using Custom MMCs

• Using MMCs for Remote Administration

• Practice: Using Microsoft Management Console

28

Options on the MMC Console Menu

• New: Create a new custom MMC console

• Open: Use a saved MMC console

• Save or Save As: Use the MMC console later

• Add/Remove Snap-In: Add or remove one or more snap-ins and their associated extensions to or from an MMC console

• Options: Configure the console mode and create a custom MMC console

29

Using MMCs forRemote Administration• Snap-in for remote administration can be set up when a

custom MMC is created.

• Remote administration allows administrative tasks to be performed from any location.

• The design of each snap-in dictates whether or not it can be used for remote administration.

• You must use specific snap-ins designed for remote administration.

• If the snap-in is available for remote administration, Windows 2000 prompts for the target computer to administer.

• The Windows 2000 Administration Tools Setup Wizard is simply a means for loading administrative tools to a remote machine.

30

Using Task Scheduler

• Introduction to Task Scheduler

• Practice: Using Task Scheduler

31

Scheduled Task Wizard

32

Task Scheduler

• Scheduled tasks are saved in the Scheduled Tasks folder in the Control Panel folder in My Computer and on the Accessories, System Tools menu.

• Access scheduled tasks on another computer by browsing that computer’s resources using My Network Places; allows tasks to be moved from one computer to another.

• Use Task Scheduler to

• Run maintenance utilities at specific intervals.• Run programs when there is less demand for

computer resources.

33

Scheduled Task Wizard Options

• Program to run: The applications to be scheduled

• Task name: A descriptive name for the task

• Frequency: How often Windows 2000 will perform the task

• Time and date: Start time and start date for the task to occur

• Name and password: User name and password; application will run under the security settings for this user account

• Advanced properties: Select this check box to display the Advanced Properties dialog box after clicking Finish

34

Scheduled Task WizardAdvanced Properties

• Task: Change the scheduled task, add parameters, or change the user account

• Schedule: Set and display multiple schedules for the same task

• Settings: Set options that can delete or stop a task, start or stop a task based on idle or non-idle time, start or stop a task if a computer is running on batteries, and wake the computer to run a task

• Security: Change the list of users and groups that have permission to perform the task, or change the permissions for a specific user or group