Chapter 2: Planning and Installing the Active Directory


MCSE: Windows Server 2003 Active Directory Planning, Implementation, and Maintenance Study Guide, Second Edition (70-294)
Chapter 2: Planning and Installing the Active Directory
© Wiley Inc. 2006. All Rights Reserved.
Planning and Installing DNS
• Active Directory relies on DNS to find clients, servers, and network services; domain controllers publish their locations as DNS SRV records, so without working DNS clients cannot locate a DC
• Clients rely on DNS to find file, print, and other resources
• DNS is the TCP/IP standard for name resolution
DNS Namespace
• DNS names take the form of a series of alphanumeric labels separated by dots
• The leftmost label is the most specific portion, naming the machine or service
• The remaining labels form the domain name and uniquely identify the network on which the host resides
• The full name is known as the fully qualified domain name (FQDN)
Features/Limitations of a DNS Name
• The name is hierarchical.
• The name is case-insensitive: WWW.Example.COM and www.example.com are the same name.
• Each FQDN on a given network must be unique.
• Only certain characters are allowed: letters, digits, and hyphens in a standard host name, and a label may not begin or end with a hyphen.
• There are maximum lengths: 63 characters per label and 255 octets for the whole name.
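The rules on this slide are easiest to see as a checker. The following is an added example, not code from the study guide: it normalises a name for case-insensitive comparison, enforces the label and total-length limits, checks the allowed characters, and reports duplicate FQDNs on a network. The `allow_service_labels` switch is this example's own addition, because Active Directory's service records (for example `_ldap._tcp.dc._msdcs.<domain>`) use labels that start with an underscore, which a plain host-name rule rejects.

```python
import re

# Added example (not from the study guide): validate a DNS name against the
# rules the slide lists.  Limits follow RFC 1035: 63 octets per label and
# 255 octets for the whole name in wire form, which leaves 253 characters
# of text once the trailing dot and per-label length bytes are counted.
MAX_LABEL = 63
MAX_NAME_TEXT = 253

# Standard host-name labels: letters, digits and hyphens, no hyphen at either
# end.  Active Directory also registers service owner names such as
# _ldap._tcp.dc._msdcs.<domain>, whose labels start with an underscore.
_HOST_LABEL = re.compile(r"^[a-z0-9](?:[a-z0-9-]*[a-z0-9])?$")
_SERVICE_LABEL = re.compile(r"^_[a-z0-9][a-z0-9-]*$")


def normalize_fqdn(name: str) -> str:
    """DNS is case-insensitive: fold to lower case and drop the trailing dot
    so that 'WWW.Example.COM.' and 'www.example.com' compare equal."""
    return name.strip().rstrip(".").lower()


def validate_fqdn(name: str, allow_service_labels: bool = False):
    """Return (ok, reason); reason is '' when the name is acceptable."""
    text = normalize_fqdn(name)
    if not text:
        return False, "empty name"
    if len(text) > MAX_NAME_TEXT:
        return False, f"name longer than {MAX_NAME_TEXT} characters"
    labels = text.split(".")
    if len(labels) < 2:
        return False, "not fully qualified (no domain part)"
    for label in labels:
        if not label:
            return False, "empty label (consecutive dots)"
        if len(label) > MAX_LABEL:
            return False, f"label '{label}' longer than {MAX_LABEL} octets"
        if _HOST_LABEL.match(label):
            continue
        if allow_service_labels and _SERVICE_LABEL.match(label):
            continue
        return False, f"label '{label}' contains characters that are not allowed"
    return True, ""


def split_fqdn(name: str):
    """The leftmost label names the host; the rest is the domain it lives in."""
    host, _, domain = normalize_fqdn(name).partition(".")
    return host, domain


def unique_in_network(names):
    """Each FQDN on a network must be unique; report case-insensitive duplicates."""
    seen, dupes = set(), []
    for n in names:
        key = normalize_fqdn(n)
        if key in seen:
            dupes.append(key)
        seen.add(key)
    return dupes
```

Note that the duplicate check folds case and trailing dots before comparing; two entries that differ only in capitalisation are the same name to DNS and will collide.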
Some Top-Level Domains
• .com = Commercial organizations
• .edu = Educational institutions
• .gov = U.S. governmental organizations
• .int = International organizations
• .mil = U.S. military organizations
• .net = Large network providers
• .org = Nonprofit organizations
Guidelines for Choosing a Suitable Name
• Choose a name that is similar to the name of your company
• Use a name that is not likely to change
• Ensure that you have the approval of company management and marketing staff
• Consult with the legal department
Internal and External Names
• The external name is designed to make computers accessible publicly on the Internet.
• The internal name is the one Active Directory uses inside the organization; its zone holds the domain controller and service records, which should not be resolvable from the Internet.
• Internal and external domains may be the same or different.
Recursive Queries
• The client asks its preferred DNS server about a particular host on the Internet and asks for recursion, so the server must return either the answer or an error
• If the preferred DNS server cannot find a matching resource record, it queries other servers on the client's behalf: first a root server, then a top-level domain server
• Each of those returns a referral to the next server down; the preferred server finally queries the company's DNS server for information on that host
• The preferred server returns the IP address of the host name to the client, and communication between the two is possible
Iterative Queries
• Used when a client (or a server acting as a client) queries a DNS server but instructs it not to use recursion
• The server answers with the best information it has: the record itself, or a referral to a server closer to the name
• The querier follows the referrals itself, so it is configured to contact multiple DNS servers to resolve a name
DNS Forwarding
• An internal DNS server passes queries it cannot answer to a designated forwarder instead of walking the hierarchy from the root itself
• Reduces network traffic, because the forwarder builds one shared cache for all the servers behind it
• Allows you to specify exactly which DNS servers will be used for resolving external names (for example, only the servers permitted through the firewall)
DNS Caching
• DNS servers save the domain name mappings they learn in a local cache.
• The cache is consulted first when the server next faces the same query, so no upstream query is needed.
• The Time to Live (TTL) value set by the authoritative server specifies how long the information may be cached before it must be fetched again.
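The three preceding slides (recursive queries, iterative queries, and caching) describe one mechanism from different sides, so one worked example covers all three. The following is an added example, not code from the study guide: a constructed toy namespace with a root server, a .com server and a company server, an iterative walk that follows referrals from the root, and a preferred server that performs that walk on a client's behalf and caches the answer until the TTL expires. The server names, addresses and TTLs are invented, and the clock is injectable only so that expiry can be demonstrated.

```python
import time

# Constructed toy namespace (added example, not from the study guide).  Each
# authoritative server knows only its own zone: the records it holds and the
# NS delegations for zones beneath it.  Names are fully qualified with a
# trailing dot; a real server would return NS and glue records, here the
# delegated server's name stands in for the referral.
AUTHORITATIVE = {
    "root": {"com.": ("NS", "a.gtld-servers.net.", None)},
    "a.gtld-servers.net.": {"example.com.": ("NS", "ns1.example.com.", None)},
    "ns1.example.com.": {
        "www.example.com.": ("A", "192.0.2.10", 300),   # TTL 300 s
        "dc1.example.com.": ("A", "192.0.2.1", 60),
    },
}


def query_server(server, qname):
    """One non-recursive exchange with an authoritative server.
    Returns ('ANSWER', ip, ttl), ('REFERRAL', next_server, None) or
    ('NXDOMAIN', None, None).  Authoritative servers never recurse."""
    zone = AUTHORITATIVE[server]
    qname = qname.lower()
    if qname in zone:
        rtype, rdata, ttl = zone[qname]
        return ("ANSWER", rdata, ttl) if rtype == "A" else ("REFERRAL", rdata, None)
    # otherwise hand back the longest delegation that encloses the name
    best = None
    for owner, (rtype, rdata, _) in zone.items():
        if rtype == "NS" and qname.endswith("." + owner):
            if best is None or len(owner) > len(best):
                best = owner
    if best is None:
        return ("NXDOMAIN", None, None)
    return ("REFERRAL", zone[best][1], None)


def iterative_resolve(qname, max_hops=8):
    """Iteration: the querier walks the hierarchy itself, root first,
    following each referral.  Returns (ip, ttl, servers_asked)."""
    server, path = "root", []
    for _ in range(max_hops):            # bounds a referral loop
        path.append(server)
        kind, data, ttl = query_server(server, qname)
        if kind == "ANSWER":
            return data, ttl, path
        if kind == "NXDOMAIN":
            return None, None, path
        server = data                    # REFERRAL: ask the next server down
    return None, None, path


class RecursiveResolver:
    """The client's preferred server: it accepts a recursive query, performs
    the iteration on the client's behalf, and caches answers until their
    TTL expires.  The clock is injectable so expiry can be exercised."""

    def __init__(self, clock=time.monotonic):
        self.clock = clock
        self.cache = {}             # qname -> (ip, expires_at)
        self.upstream_queries = 0   # how much traffic the cache has saved

    def resolve(self, qname):
        qname = qname.lower()
        now = self.clock()
        hit = self.cache.get(qname)
        if hit is not None and hit[1] > now:
            return hit[0], "cache"
        self.cache.pop(qname, None)             # stale entry: discard it
        ip, ttl, path = iterative_resolve(qname)
        self.upstream_queries += len(path)
        if ip is not None:
            self.cache[qname] = (ip, now + ttl)
        return ip, "authoritative"
```

Resolving www.example.com. the first time costs three upstream queries (root, .com, company server); the second request within 300 seconds is served from the cache with none, and after the TTL lapses the walk is repeated.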
Load Balancing
• Round robin rotates the order of multiple A records for the same name on each response, so successive clients are spread across several hosts (or several network cards on one host, if they are available)
• Netmask ordering puts the records on the client's own subnet first in the response, so a client prefers the nearest host
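Both orderings on this slide are simple to implement, and seeing them together shows how they interact. The following is an added example, not code from the study guide: a zone that rotates its answer list per response and then moves addresses on the client's own subnet to the front. The addresses are constructed, and the /24 locality mask is an assumption of this example (Windows DNS defaults to a class C mask for local net priority, and the mask is configurable).

```python
import ipaddress

# Added example (not from the study guide): the two orderings a DNS server
# can apply to multiple A records for one name.  Netmask ordering here
# assumes a /24 locality mask (the default; the mask is configurable).
LOCAL_NET_PREFIX = 24


def netmask_order(addresses, client_ip, prefix=LOCAL_NET_PREFIX):
    """Put addresses on the client's own subnet ahead of the others,
    keeping the relative order within each group."""
    client_net = ipaddress.ip_network(f"{client_ip}/{prefix}", strict=False)
    local = [a for a in addresses if ipaddress.ip_address(a) in client_net]
    remote = [a for a in addresses if ipaddress.ip_address(a) not in client_net]
    return local + remote


class RoundRobinZone:
    """Rotates the answer list one position per response so successive
    clients are handed different first addresses."""

    def __init__(self, rrsets):
        self.rrsets = {name: list(addrs) for name, addrs in rrsets.items()}
        self.position = {name: 0 for name in rrsets}

    def answer(self, name, client_ip=None):
        addrs = self.rrsets[name]
        k = self.position[name] % len(addrs)
        self.position[name] += 1
        rotated = addrs[k:] + addrs[:k]
        # netmask ordering is applied after rotation, so a same-subnet address
        # always wins; round robin still spreads the remote clients around
        return netmask_order(rotated, client_ip) if client_ip else rotated
```

Clients usually use only the first address returned, which is why the rotation alone spreads load and why a same-subnet address placed first keeps traffic off the WAN.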
Reverse Lookups
• Resolve IP addresses to host names
• Require a reverse lookup zone (under in-addr.arpa) holding PTR records on the DNS server
DNS Server Roles
• Primary Server – holds the writable copy of the zone; one must exist for each DNS zone
• Secondary Server – holds a read-only copy obtained by zone transfer; provides fault tolerance and spreads query load
• Master Server – the server a secondary pulls its zone transfer from when DNS data is replicated; it can be the primary or another secondary
• Caching-only Server – does not contain zone file copies; it resolves on behalf of clients and answers from its cache
Zone Transfers
• All Zone Transfer (AXFR) – the secondary pulls a complete copy of the zone
• Incremental Zone Transfer (IXFR) – the secondary presents the serial number from its copy of the SOA record and receives only the changes made since
• Can occur in response to:
– Zone refresh interval (from the SOA record) exceeded
– Master server notifying the secondary server of a zone change
– Start-up of the secondary server's DNS service
– Zone transfer manually initiated
• Restrict zone transfers to the addresses of your own secondary servers; an unrestricted AXFR hands anyone who asks a complete list of your hosts
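The following is an added example, not code from the study guide, that plays out the transfer mechanics on this slide between a primary (acting as master) and one secondary: the primary keeps an SOA serial and a change journal, answers with IXFR when the journal still reaches back to the secondary's serial and with AXFR otherwise, issues NOTIFY messages on change, and refuses transfers to hosts that are not listed as secondaries. The secondary checks all four triggers listed above. Host names, records and the refresh interval are constructed for the example.

```python
from dataclasses import dataclass, field

# Added example (not from the study guide): a primary/master with a change
# journal serving a secondary by IXFR when it can, AXFR otherwise.  Hosts,
# records and timings are constructed.


@dataclass
class Primary:
    records: dict                       # name -> rdata
    serial: int = 2006010100            # SOA serial, YYYYMMDDnn style
    refresh: int = 900                  # SOA refresh interval (seconds)
    journal: list = field(default_factory=list)    # (new_serial, name, old, new)
    allowed_secondaries: set = field(default_factory=set)
    secondaries: set = field(default_factory=set)  # hosts to NOTIFY

    def update(self, name, rdata):
        """Change one record (rdata=None deletes), bump the serial, journal it,
        and return the NOTIFY messages the master would send."""
        old = self.records.get(name)
        if rdata is None:
            self.records.pop(name, None)
        else:
            self.records[name] = rdata
        self.serial += 1
        self.journal.append((self.serial, name, old, rdata))
        return [("NOTIFY", host, self.serial) for host in sorted(self.secondaries)]

    def transfer(self, requester, secondary_serial):
        """Answer a transfer request.  Refused for unlisted hosts: an AXFR
        hands out the whole zone, which is reconnaissance for an attacker."""
        if requester not in self.allowed_secondaries:
            return ("REFUSED", None)
        if secondary_serial >= self.serial:
            return ("UP-TO-DATE", None)
        changes = [j for j in self.journal if j[0] > secondary_serial]
        # IXFR only works if the journal still reaches back to the requester's serial
        if changes and changes[0][0] == secondary_serial + 1:
            return ("IXFR", changes)
        return ("AXFR", (self.serial, dict(self.records)))


@dataclass
class Secondary:
    host: str
    master: Primary
    serial: int = 0
    records: dict = field(default_factory=dict)
    last_refresh: float = 0.0

    def pull(self):
        kind, payload = self.master.transfer(self.host, self.serial)
        if kind == "IXFR":
            for new_serial, name, _old, new in payload:
                if new is None:
                    self.records.pop(name, None)
                else:
                    self.records[name] = new
                self.serial = new_serial
        elif kind == "AXFR":
            self.serial, self.records = payload[0], dict(payload[1])
        return kind

    def tick(self, now, notified_serial=None, startup=False, manual=False):
        """The four triggers: refresh interval exceeded, NOTIFY from the master,
        secondary service start-up, or a manual transfer."""
        if notified_serial is not None and notified_serial <= self.serial:
            return "NOT-NEEDED"          # NOTIFY for a serial we already hold
        due = now - self.last_refresh >= self.master.refresh
        if not (due or notified_serial is not None or startup or manual):
            return "IDLE"
        self.last_refresh = now
        return self.pull()
```

The fallback to AXFR when the journal has been truncated is the case that surprises people in practice: a secondary that has been offline longer than the master keeps history will receive a full transfer even though it asked for an incremental one.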
DNS Resource Record Types
• A = Address
• RP = Responsible Person
• CNAME = Canonical Name
• SOA = Start of Authority
• MX = Mail Exchanger
• SRV = Service (the record type Active Directory clients use to locate domain controllers)
• NS = Name Server
• PTR = Pointer
Advantages to NTFS 5
• Disk quotas
• File system encryption
• Dynamic volumes
• Mounted drives
• Remote storage
• NTFS is also required for the SYSVOL folder on a domain controller, so the volume that will hold SYSVOL must be NTFS before running DCPROMO
To Verify Network Connectivity
• At least one network adapter should be installed and properly configured
• Make sure TCP/IP is installed, configured, and enabled
• Verify Internet access
• Verify LAN access
• Verify client access
• Verify WAN access
Network Verification Tools
• The ipconfig utility (ipconfig /all shows the DNS servers the machine will use)
• The ping utility
• Network browsing (My Network Places / Network Neighborhood)
• Internet browsing
Windows Server 2003 Functional Levels
• Domain and forest functionality are new to Windows Server 2003 Active Directory
• Similar to mixed and native modes in Windows 2000
• Three domain functional levels (plus Windows Server 2003 interim, used only when upgrading from Windows NT 4.0):
– Windows 2000 Mixed
– Windows 2000 Native
– Windows Server 2003
Windows Server 2003 AD New Features
• Global Catalog replication enhancements
• Defunct schema classes and attributes
• Forest trusts
• Linked value replication
• Renaming domains
Installing Active Directory
• Done using the Active Directory Installation Wizard (DCPROMO)
• Promotes a Windows Server 2003 member or stand-alone server to a domain controller; the server needs working DNS and an NTFS volume for SYSVOL before you start
• The first domain controller in an environment serves as the starting point for the forest, trees, domains, and Operations Master roles
To Verify Active Directory Installation
• Event Viewer can be used to look at the event log (Directory Service, DNS Server, and File Replication Service logs)
• Active Directory Administration Tools
– Active Directory Domains and Trusts
– Active Directory Sites and Services
– Active Directory Users and Computers
• DNS console: confirm the new domain controller registered its SRV records under the _msdcs subdomain
• The dcdiag and netdiag utilities from the Windows Support Tools
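The SRV record type listed on the resource record slide is what a domain controller registers at DCPROMO time, and checking those records is the quickest verification that clients can find the new DC; querying _ldap._tcp.dc._msdcs.<domain> with nslookup -type=SRV is the usual manual check. The following is an added example, not code from the study guide: it lists the SRV owner names a DC registers and implements the client-side selection rule from RFC 2782 (lowest priority first, weighted random within a priority) over a constructed record set. The record values and the `seed` parameter are this example's own.

```python
import random
from collections import namedtuple

# Added example (not from the study guide): pick a target from SRV records
# the way RFC 2782 prescribes, using the _ldap._tcp.dc._msdcs.<domain> name
# that Active Directory domain controllers register so clients can find them.
SRV = namedtuple("SRV", "priority weight port target")

# Constructed sample records for _ldap._tcp.dc._msdcs.example.com.
SAMPLE_SRV = [
    SRV(0, 100, 389, "dc1.example.com."),
    SRV(0, 100, 389, "dc2.example.com."),
    SRV(0, 0, 389, "dc3.example.com."),       # weight 0: chosen only as a last resort
    SRV(10, 100, 389, "dc-dr.example.com."),  # higher priority value = backup site
]


def order_srv(records, seed=None):
    """Return the records in the order a client should try them: lowest
    priority first; within a priority, weighted random selection where each
    record's chance is proportional to its weight.  seed fixes the RNG."""
    rng = random.Random(seed)
    ordered = []
    for prio in sorted({r.priority for r in records}):
        # RFC 2782: weight-0 records go first so they are picked only when the
        # random value is 0 (practically never while others carry weight)
        pool = sorted((r for r in records if r.priority == prio),
                      key=lambda r: r.weight != 0)
        while pool:
            total = sum(r.weight for r in pool)
            pick = rng.randint(0, total)
            running = 0
            for i, r in enumerate(pool):
                running += r.weight
                if running >= pick:
                    ordered.append(pool.pop(i))
                    break
    return ordered


def expected_dc_srv_names(domain, forest_root=None):
    """SRV owner names a domain controller registers through Netlogon; a
    missing one after DCPROMO means clients will not find the new DC."""
    forest_root = forest_root or domain
    return [
        f"_ldap._tcp.dc._msdcs.{domain}.",
        f"_kerberos._tcp.dc._msdcs.{domain}.",
        f"_ldap._tcp.{domain}.",
        f"_kerberos._tcp.{domain}.",
        f"_gc._tcp.{forest_root}.",   # global catalog is registered per forest
    ]
```

With the sample set, dc1 and dc2 each come first roughly half the time, dc3 is tried before the others only when the random draw lands on zero, and the disaster-recovery DC is never contacted while a priority-0 server answers.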
Application Data Partitions
• Allow system administrators and application developers to store custom information within AD
• Can replicate information and keep track of it
• Can be created with:
– Third-party or application-specific tools
– Active Directory Services Interface (ADSI)
– LDP.exe
– ntdsutil
NTDSUTIL Commands (domain management context)
• Help / ?
• Connections
• Create NC
• Delete NC
• List NC Information
• Precreate
• Remove NC Replica
• Select Operation Target
• Set NC Reference Domain
• Set NC Replicate Notification Delay
Key Terms
• Active Directory Installation Wizard (DCPROMO)
• Application data partitions
• Caching-only DNS servers
• Child domains
• Delegation
• DNS namespace
• File Allocation Table (FAT)
• Forwarding
• Functional levels
• Iteration
• Master DNS servers
• Parent domain
• Primary DNS server
• Promotion
• Recursion
• Resource record (RR)
• Reverse lookup zone
• Root domain
• Secondary DNS server
• TCP/IP
• NTFS
• Windows Server 2003 functional level
• Zone
• Zone transfer