by Rashid Khan
Lesson 4-Preparing to Serve: Understanding Microsoft Networking
by Rashid Khan
Overview
Logical structures of domain-based networks.
Features of Active Directory in Windows Server 2003.
Creating a domain by installing Active Directory.
by Rashid Khan
Identifying Logical Structures of Domain-Based Networks Domains.Trees.Forests.Organizational units and sites.
by Rashid Khan
Domains
A domain is: A container for every element on a network. A security boundary between the domain and
the rest of the environment.
by Rashid Khan
Domains
The domain acts as a container for all network objects and as a security boundary.
by Rashid Khan
Trees
Trees are a hierarchy of related domains.All domains in a tree possess a two-way,
transitive trust between them.
by Rashid Khan
Trees
A tree consists of domains that share a contiguous namespace.
by Rashid Khan
Trees
The domains that make up a tree must share a common schema and the parent/child relationships that describe classes of network objects in Active Directory.
Since domains in a tree are separate, they do not directly replicate each other’s Active Directory data stores.
A domain controller (DC) acts as the global catalog (GC).
by Rashid Khan
Forests
Forests: Are made up of trees. Contain a disjointed namespace between the
domains of a tree and the domains of another tree.
Share a common schema and a common GC.
by Rashid Khan
Forests
A forest consists of domains in a disjointed namespace.
by Rashid Khan
Organizational Units and Sites
Organizational units (OUs)Sites
by Rashid Khan
Organizational Units
Organizational units: Are logical network structures. Are used to subdivide a domain into
manageable parts without creating new domains.
Enable administrators to group user accounts, user groups, computer accounts, and other Active Directory objects.
by Rashid Khan
Sites
Sites: Address the physical structure of a network. Require the network to be divided into subnets. Enable customization of the multimaster
replication process between DCs.
by Rashid Khan
Features of Active Directory in Windows Server 2003 Basic benefits of Active Directory.New features of Active Directory.
by Rashid Khan
Basic Benefits of Active Directory
Simplified managementStrong securityInteroperability
by Rashid Khan
Simplified Management
Active Directory simplifies management by: Enabling administrators to efficiently administer
the centrally-located network objects and structures.
Helping users to access the shared resources on the network.
Helping to publish shared folders so that users can easily locate the folders on the network.
by Rashid Khan
Strong Security
Active Directory strengthens security by: Selectively granting permissions to users to
access specific resources. Allowing these permissions to be applied to
users or groups, through a one-time authentication of the user at logon.
by Rashid Khan
Interoperability
Active Directory enables interoperability by enabling users to share its resources with other applications.
It can also be used to adjust the performance of hardware components to the needs of the organization.
by Rashid Khan
New Features of Active Directory
Improved user interface.Group Policy Management Console
(GPMC).Renaming domains.
by Rashid Khan
Improved User Interface
Windows Server 2003 version of Active Directory: Allows users to drag and drop Active Directory
objects. Allows administrators to select and edit multiple
objects at a time.
by Rashid Khan
Group Policy Management Console (GPMC) Group Policy allows administrators to control
settings that affect user accounts and computers.
Policies can be applied to domains, sites, and organizational units.
The GPMC utility allows administrators to easily edit policies across multiple OUs, domains, or sites.
It also enables to back up and restore policies.
by Rashid Khan
Renaming Domains
Domains in Windows Server 2003 can be renamed without demoting them.
Also, renaming a domain does not affect the logical structures of a domain, tree, and forest.
by Rashid Khan
Create a Domain by Installing Active Directory Plan the Active Directory installation.Raise the domain and forest functional
level.
by Rashid Khan
Plan the Active Directory Installation
Domain name.Folder locations.Domain Name System (DNS) and support
for pre-Windows 2000 Server operating system.
Restore Mode administrator password.
by Rashid Khan
Domain Name
Should be similar to Internet DNS names, and should be registered.
Should be short, which makes it easy to remember and type.
by Rashid Khan
Folder Locations
The Active Directory database and the log files are stored in the NTDS subfolder of the WINDOWS folder.
The SYSVOL folder contains the information that is replicated between DCs.
by Rashid Khan
DNS and Support for Pre-Windows 2000 Server Operating System It is recommended to install and configure
DNS service before installing Active Directory.
The users need to specify whether or not Active Directory installation program should support older server operating systems during the installation.
by Rashid Khan
Restore Mode Administrator Password If the Active Directory data store is
corrupted, Restore Mode can be used to fix the problem.
The Restore Mode administrator password is required to use the Restore Mode.
by Rashid Khan
Plan the Active Directory Installation
Active Directory Installation Wizard
by Rashid Khan
Plan the Active Directory Installation
Create a New Domain
by Rashid Khan
Plan the Active Directory Installation
New Domain Name
by Rashid Khan
Plan the Active Directory Installation
NetBIOS Domain Name
by Rashid Khan
Plan the Active Directory Installation
Database and Log Folders
by Rashid Khan
Plan the Active Directory Installation
Shared System Volume
by Rashid Khan
Plan the Active Directory Installation
DNS Registration Diagnostics
by Rashid Khan
Plan the Active Directory Installation
Permissions
by Rashid Khan
Plan the Active Directory Installation
Directory Services and Restore Mode Administrator Password
by Rashid Khan
Plan the Active Directory Installation
Completing the Active Directory Installation Wizard
by Rashid Khan
Raise the Domain and ForestFunctional Level The domain functional level must be raised to
the Windows Server 2003 level to use the new domain features.
Once the domain functional level has been raised, it cannot be lowered.
Changes made to the forest functional level are irreversible.
Forest functional levels cannot be raised until the domain functional level has also been sufficiently raised to support the change.
by Rashid Khan
Raise the Domain and Forest Functional Level
Active Directory Domains and Trusts
by Rashid Khan
Raise the Domain and Forest Functional Level
Raise Domain Functional Level
by Rashid Khan
Raise the Domain and Forest Functional Level
Raise Forest Functional Level
by Rashid Khan
Summary
A domain is the container for elements on a network.
A tree is made up of a hierarchy of related domains.
A forest is made up of trees.Forests share a common schema and a GC.Organizational units are used to subdivide a
single domain into manageable parts.
by Rashid Khan
Summary
Sites address the physical structure of a network.
Some of the benefits of Active Directory are simplified management, strong security, and interoperability.
Some of the new features of Active Directory are improved user interface, Group Policy Management Console (GPMC), and the ability to rename domains.
by Rashid Khan
Summary
Installing Active Directory makes the network server a DC.
Planning the installation of Active Directory includes choosing a domain name and the folder locations, and determining whether the DNS is installed or configured properly.
Planning the installation of Active Directory also includes determining whether the Active Directory should support older versions of the operating system.
