Saturday, May 12, 2012

Managing Computer Accounts and Resources in Active Directory

By Randolph Walter


Terms you'll need to understand:

✓ Domains

✓ Domain trees

✓ Domain forests

✓ Computer accounts

✓ Run As feature

✓ Globally unique identifiers (GUIDs)

✓ Organizational units (OUs)

✓ Microsoft Management Console (MMC) 3.0

✓ Active Directory Users and Computers console

Techniques you'll need to master:

✓ Adding and removing computer accounts

✓ Prestaging computer accounts

✓ Using command-line tools for modifying Active Directory objects

✓ Using the Action pane in MMC 3.0

✓ Enabling full functionality for MMC 3.0

✓ Managing resources using the Run As command

Microsoft introduced Active Directory with the debut of Windows 2000 Server in February 2000. Active Directory provides a directory service for Microsoft-based networks in much the same way that Novell Directory Services (NDS) provides a directory service for NetWare environments. For Windows Server 2003, Microsoft reinforced and refined Active Directory, making the directory service more flexible, more scalable, and more manageable than its Windows 2000 predecessor. Active Directory is a crucial element of Windows Server 2003, and its many benefits can provide a real reason to upgrade, especially if you are coming from a Windows NT Server environment.

Knowing how to manage objects inside Active Directory is imperative for a successful deployment and reliable everyday operation of a Windows Server 2003 Active Directory-based network. In this chapter, we introduce you to Active Directory for Windows Server 2003. You discover how to add, remove, and manage computer accounts in Active Directory. Unfortunately, network administration doesn't always go smoothly, so you also learn how to troubleshoot computer accounts in Windows Server 2003 and Active Directory.

Microsoft released Windows Server 2003 Service Pack 1 (SP1) in March 2004 as a major update. In December 2005, Microsoft released the R2 (Release 2) edition of Windows Server 2003 in 32-bit (x86) and 64-bit (x64) versions. This chapter and this book cover all these permutations of the Windows Server 2003 operating system: the original Release to Manufacturing (RTM) version, SP1, and R2, in both the 32-bit (x86) and 64-bit (x64) flavors. The functionality and features covered in this book apply to all of these editions, except where noted.

Introduction to Active Directory

The various enhancements to Active Directory include some of the major feature enhancements of Windows Server 2003. Active Directory is a replicated and distributed database that stores computer-related information such as usernames, passwords, telephone numbers, addresses, e-mail addresses, group names, and computer names, to name a few. Active Directory is referred to as a directory service because it provides users and computers with the ability to look up information, in much the same way that you look up information in a telephone directory.

Special servers called domain controllers (DCs) are designated to store a copy of the Active Directory database, and these DCs are responsible for synchronizing the Active Directory database with all the other DCs that share the database. Server computers as well as workstation computers that are members of an Active Directory domain perform several Active Directory queries (or lookups) in their day-to-day operations. For instance, Active Directory domain-member computers need to know where nearby DCs are for authentication purposes.

Active Directory is based on open, Internet-related standards, such as the Transmission Control Protocol/Internet Protocol (TCP/IP), the Domain Name System (DNS), the Kerberos authentication protocol, and the Lightweight Directory Access Protocol (LDAP), among many others. In fact, you cannot install Active Directory without TCP/IP and DNS installed and functioning within the network environment. You must name Active Directory domains using a full DNS name such as examcram2.informit.com.

Domains, Domain Trees, and Domain Forests

A Windows Server 2003 computer (or a Windows 2000 Server computer) becomes a DC when an administrator runs the Active Directory Installation Wizard. You can run the wizard by clicking Start, Run; typing dcpromo.exe; and clicking OK. This process promotes a server to a DC. The wizard makes several changes to the server computer to prepare it to become a DC. One of the major changes is the creation of the Active Directory database file itself. This file is named ntds.dit, and it must reside on a hard disk partition or volume that is formatted as NTFS. The default location for the ntds.dit file is the %systemroot%\ntds folder (for example, c:\windows\ntds).
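The NTFS requirement for ntds.dit is something you can verify after promotion rather than take on trust. The following PowerShell snippet is an added example, not code from the book: it reads the database path that the NTDS service records in the Registry (the "DSA Database file" value under HKLM\SYSTEM\CurrentControlSet\Services\NTDS\Parameters), falls back to the default %systemroot%\ntds location described above if that value is absent, and reports whether the file exists and whether its volume is formatted as NTFS. It assumes it is run on the domain controller itself with rights to read that key.

```powershell
# Added example (not from the book): locate ntds.dit on this DC and confirm it
# sits on an NTFS volume, which is the requirement the chapter states.

function Get-NtdsDatabaseInfo {
    $params = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters'
    $dbPath = $null

    if (Test-Path $params) {
        # "DSA Database file" is the value NTDS uses to record the path of ntds.dit
        $dbPath = (Get-ItemProperty -Path $params -ErrorAction SilentlyContinue).'DSA Database file'
    }
    if (-not $dbPath) {
        # Fall back to the default location described in the chapter
        $dbPath = Join-Path $env:SystemRoot 'ntds\ntds.dit'
    }

    # "C:\Windows\ntds\ntds.dit" -> "C:" so we can look the volume up through WMI
    $drive = [System.IO.Path]::GetPathRoot($dbPath).TrimEnd('\')
    $disk  = Get-WmiObject -Class Win32_LogicalDisk -Filter "DeviceID='$drive'"

    New-Object PSObject -Property @{
        DatabasePath = $dbPath
        Exists       = (Test-Path $dbPath)
        FileSystem   = $disk.FileSystem
        IsNtfs       = ($disk.FileSystem -eq 'NTFS')
    }
}

Get-NtdsDatabaseInfo | Format-List DatabasePath, Exists, FileSystem, IsNtfs
```

Get-WmiObject is used rather than the newer Get-Volume cmdlet because the former is what a Windows Server 2003 era PowerShell installation provides. A result of IsNtfs = False on a working DC would indicate the database was moved to an unsupported volume and is worth investigating.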

The first Windows Server 2003 (or Windows 2000 Server) DC that you promote creates the root domain. For instance, if you promote a DC and name the domain examcram2.net, this domain becomes the root domain within the new Active Directory forest. The basic logical elements of Active Directory are as follows:

Domain: One or more DC servers and a group of users and computers that share the same Active Directory database for authentication and can share common server resources.

Domain tree: One or more Active Directory domains that share a common contiguous DNS namespace (parent-child-grandchild, and so on). For instance, examcram2.net could be the parent domain, northamerica.examcram2.net could be the child domain, us.northamerica.examcram2.net could be the grandchild domain, and so on.

Domain forest: One or more Active Directory domain trees (each tree has its own DNS namespace) that share the same Active Directory database. An Active Directory forest is a logical container for a group of related domains.
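The parent-child relationship between domains in a tree is determined purely by their DNS names, and a forest can hold several trees with unrelated namespaces. The following PowerShell function is an added example, not code from the book: given the DNS names of every domain in a forest, it derives each domain's parent (the name with its leftmost label removed, provided that name is also a domain in the forest), walks up to the tree root, and groups the domains into trees. The five domain names it runs against are constructed for illustration, starting from the examcram2.net tree used in the chapter.

```powershell
# Added example (not from the book): derive the tree layout of a forest from the
# DNS names of its domains, using the chapter's definitions of tree and forest.

function Get-DomainTreeLayout {
    param([string[]]$DomainNames)

    $known = @{}
    foreach ($name in $DomainNames) { $known[$name.ToLower()] = $true }

    # Parent = name with the leftmost DNS label stripped, but only if that name is
    # itself a domain in the forest (contiguous namespace); otherwise a tree root.
    $parentOf = @{}
    foreach ($name in $known.Keys) {
        $labels = $name.Split('.')
        $candidate = ''
        if ($labels.Length -gt 1) { $candidate = $labels[1..($labels.Length - 1)] -join '.' }
        if ($known.ContainsKey($candidate)) { $parentOf[$name] = $candidate }
        else                                { $parentOf[$name] = $null }
    }

    foreach ($name in ($known.Keys | Sort-Object)) {
        # Walk up the parent chain to find the root of this domain's tree
        $root = $name; $depth = 0
        while ($parentOf[$root]) { $root = $parentOf[$root]; $depth++ }
        New-Object PSObject -Property @{
            Domain   = $name
            Parent   = $parentOf[$name]
            TreeRoot = $root
            Depth    = $depth
        }
    }
}

# Constructed forest: the chapter's examcram2.net tree plus a second tree with its
# own namespace (partnerlabs.local is a made-up name for illustration)
$forest = @('examcram2.net', 'northamerica.examcram2.net', 'us.northamerica.examcram2.net',
            'partnerlabs.local', 'dev.partnerlabs.local')

$layout = Get-DomainTreeLayout -DomainNames $forest
$layout | Sort-Object TreeRoot, Depth | Format-Table Domain, Parent, TreeRoot, Depth -AutoSize

$roots = $layout | ForEach-Object { $_.TreeRoot } | Sort-Object -Unique
"Trees in this forest: " + ($roots -join ', ')
```

For the constructed input, the table shows examcram2.net and partnerlabs.local as roots (Depth 0), northamerica.examcram2.net and dev.partnerlabs.local as children (Depth 1), and us.northamerica.examcram2.net as a grandchild (Depth 2), so the forest contains two trees.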

No Primary or Backup Domain Controllers

Windows NT Server 3.5x and Windows NT Server 4.0 used the concept of one primary domain controller (PDC) and backup domain controllers (BDCs), where only one of the DCs could act as the PDC at any one time. The PDC stores the read/write copy of the Security Accounts Manager (SAM) database, while each BDC stores a read-only copy of the SAM database. Instead, Active Directory uses a technique called multimaster replication to distribute copies of the Active Directory database to all other DCs that share the same Active Directory namespace. This replication technology means that administrators can make additions, changes, or deletions to the Active Directory database from any DC, and those modifications get synchronized with all the other DCs within an Active Directory domain and the global catalog servers (GCs) within the entire Active Directory forest. Active Directory assigns the role of PDC Emulator to the first DC to come online in an Active Directory forest. The DC that holds the PDC Emulator role can communicate between Active Directory and down-level PDCs and BDCs running on Windows NT Server 3.5x and Windows NT Server 4.0.

Organizational Units

To enhance network administration, Microsoft created organizational units (OUs) to provide for logical groupings of users, groups, computers, and other objects within a single domain. You can delegate administrative authority over each OU to other administrators for distributing network-management chores. The delegated authority can be limited in scope, if required, so you can grant junior administrators only specific administrative powers, not complete administrator-level authority. In addition, you can apply specific group policy object (GPO) settings at the OU level, allowing users and computers to be managed differently according to the OU in which they are placed.

The Microsoft Management Console (MMC)

The MMC is the standard interface for hosting all the various GUI tools and utilities that administrators use to manage the Windows and Active Directory environments. The MMC is a shell that houses MMC snap-ins; the snap-ins actually provide the functionality. The MMC provides a consistent and standardized look and feel for all the snap-in tools. MMC snap-in files use the file extension .msc. You can see several of the default snap-ins if you browse the %systemroot%\system32 folder on a Windows Server 2003 computer.

For example, on a domain controller, you can run the Active Directory Users and Computers (ADUC) snap-in by double-clicking the dsa.msc file in the %systemroot%\system32 folder. Alternatively, you can run the ADUC snap-in by clicking Start, Run, typing dsa.msc, and clicking OK. You must include the .msc file extension for the snap-in to run. You also have the option of clicking Start, Run, typing mmc, and clicking OK to display an empty console; you can then click File, Add/Remove Snap-in to load the snap-in of your choice.

MMC 3.0

When you upgrade Windows Server 2003 to the R2 edition, the MMC is upgraded to version 3.0 automatically. MMC 3.0 sports three major improvements over its prior versions:

The Action pane: The Action pane is displayed on the right side of the console when it is not hidden. (It is hidden by default in most snap-ins.) The Show/Hide Action Pane toolbar icon shown in Figure 2.1 is similar to the Show/Hide Console Tree toolbar icon. The Action pane displays the actions that can be performed on the currently selected item in the console tree (left pane) or in the results pane (center pane). You can view the same list of actions by right-clicking an item.

Figure 2.1 A view of the Action pane for the ADUC snap-in under MMC 3.0 and Windows Server 2003 R2.

Improved error handling: MMC 3.0 notifies you when errors occur within loaded snap-ins that would cause the MMC shell to stop responding. When MMC 3.0 detects an error, it can give you some options to address the problem.

Improved Add or Remove Snap-in dialog box: The redesigned Add or Remove Snap-in dialog box for MMC 3.0 makes it easier to add, remove, and organize snap-ins (see Figure 2.2).

Figure 2.2 The Add or Remove Snap-ins dialog box under MMC 3.0 and Windows Server 2003 R2.

Exam Alert

To enable MMC 3.0 features such as the new Add or Remove Snap-in dialog box, you must add a new subkey to the Microsoft Windows Registry.

Always have a good, contemporary backup of your system before you attempt to make any change to the Registry.

Using regedit.exe, the Windows Registry editor tool, navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MMC. You must add a new subkey named UseNewUI under this existing Registry key to turn on the enhancements to MMC 3.0. No reboot is required; the change takes effect immediately.
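The same change can be made from the command line in a way that also covers the backup step the Exam Alert calls for and verifies the outcome. The PowerShell function below is an added example, not code from the book: it exports the existing HKLM\SOFTWARE\Microsoft\MMC key to a timestamped .reg file with reg.exe, creates the UseNewUI subkey only if it is not already present, and reports the resulting state. It assumes it is run in an administrative session on a Windows Server 2003 R2 machine; the backup file name and location are the example's own choice.

```powershell
# Added example (not from the book): enable the MMC 3.0 UI enhancements by creating
# the UseNewUI subkey, after backing up the parent key so the change can be reverted.

function Enable-Mmc3NewUI {
    param(
        # Where to write the .reg backup of the MMC key (example's own default path)
        [string]$BackupFile = (Join-Path $env:TEMP ("MMC-key-backup-{0:yyyyMMdd-HHmmss}.reg" -f (Get-Date)))
    )

    $mmcKey = 'HKLM:\SOFTWARE\Microsoft\MMC'
    $newUI  = Join-Path $mmcKey 'UseNewUI'

    if (-not (Test-Path $mmcKey)) {
        throw "Registry key $mmcKey not found; is MMC installed on this machine?"
    }

    # Export the existing key before touching it; reg.exe ships with Windows Server 2003
    & reg.exe export 'HKLM\SOFTWARE\Microsoft\MMC' $BackupFile | Out-Null
    if ($LASTEXITCODE -ne 0) {
        throw "Registry backup to $BackupFile failed; aborting without making changes"
    }

    if (Test-Path $newUI) {
        Write-Host "UseNewUI subkey already present; nothing to do"
    } else {
        # The presence of the subkey itself is the switch: no value needs to be set,
        # and as the chapter notes no reboot is required.
        New-Item -Path $mmcKey -Name 'UseNewUI' | Out-Null
        Write-Host "Created $newUI"
    }

    # Report the resulting state so the change can be verified (or reverted from the backup)
    New-Object PSObject -Property @{
        UseNewUIPresent = (Test-Path $newUI)
        BackupFile      = $BackupFile
    }
}

Enable-Mmc3NewUI | Format-List UseNewUIPresent, BackupFile
```

To revert, double-click the exported .reg file (or run reg.exe import on it) and then delete the UseNewUI subkey; the function never overwrites an earlier backup because each file name carries a timestamp.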

TIP

MMC 3.0 supports a wider range of functionality than previous versions of the MMC; however, MMC snap-ins must support the new MMC 3.0 features for the enhanced functionality to be available.
