Windows Server 2003 AD - PowerPoint PPT Presentation

Description:

Creates a Forward Lookup Zone. Configures the Zone As ... Create a Reverse Lookup Zone (optional) Establishing the Root Domain. Start Installation Wizard ...

Slides: 24
Provided by: Micro244

1
Windows Server 2003 AD
  • jeffl_at_ms11.hinet.net

2
Reasons to Maintain a Single Domain
  • Ease of Management
  • Easier Delegation
  • Fewer Members in Domain Admins Group
  • Object Capacity Same as Multiple Domain Structure

3
Reasons to Create Multiple Domains
  • Distinct domain-level policies
  • Tighter administrative control
  • Decentralized administration
  • Separation and control of affiliate relationships
  • Reduced replication traffic

4
Installing DNS During the Active Directory Installation
  • The Active Directory Installation Wizard Prompts
    You to Install and Configure a Local DNS Server
    if It Does Not Find an Existing DNS Infrastructure

To Implement DNS, the Active Directory Wizard
5
Installing and Configuring DNS
To Install and Configure DNS
  • Assign a Static IP Address
  • Configure the DNS Primary Suffix
  • Install the DNS Server Service
  • Create a Forward Lookup Zone
    • Must be authoritative for your DNS domain
    • Enable dynamic updates
  • Create a Reverse Lookup Zone (optional)

6
Establishing the Root Domain
  • Start Installation Wizard
  • Select Domain Controller and Domain Type
  • Specify Required Information
  • Domain, DNS, and NetBIOS names
  • Database, log, and shared system volume locations
  • Select to weaken permissions
  • Active Directory Is Installed
  • Computer Is Domain Controller
  • Active Directory Tools Added

7
Adding a Domain Controller to an Existing Domain
  • Start Installation Wizard
  • Select Domain Controller Type
  • Specify Required Information
  • Network credentials
  • DNS name of domain to join
  • Database, log, and shared system volume locations
  • Active Directory Is Installed

8
Creating a Child Domain
  • Start Installation Wizard
  • Select Domain Controller and Domain Type
  • Specify Required Information
  • Network credentials
  • DNS names of parent and child domains
  • Database, log, and shared system volume locations
  • Select to weaken permissions
  • Active Directory Is Installed

9
Creating a Tree in an Existing Forest
  • Start Installation Wizard
  • Select Domain Controller and Domain Type
  • Specify Required Information
  • Network credentials
  • DNS names of new tree
  • Database, log, and shared system volume locations
  • Select to weaken permissions
  • Active Directory Is Installed

10
The Active Directory Installation Process
The installation process
  • Starts the security protocol and sets the
    security policy
  • Creates the
    • Active Directory partitions, database, and log files
    • Forest root domain
    • SYSVOL folder
  • Configures the site membership of the domain
    controller
  • Enables security on the directory service and the
    file replication folders
  • Applies the password for restore mode

11
What Are SRV Resource Records?
  • SRV resource records are DNS records that map a
    service to the computer that provides the service
  • Format of SRV records
    _Service._Protocol.Name Ttl Class SRV Priority Weight Port Target
  • Example
    _ldap._tcp.contoso.msft 600 IN SRV 0 100 389 london.contoso.msft
  • Find Netlogon.dns in %systemroot%\System32\Config

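An added example (not part of the original presentation): a Python sketch that parses records in the slide's `_Service._Protocol.Name Ttl Class SRV Priority Weight Port Target` layout, such as lines taken from Netlogon.dns, and flags any record whose target host or port is not one the administrator expects. The function names, the allow-list and every sample line except the slide's own `_ldap` record are assumptions constructed for illustration.

```python
from typing import NamedTuple

class SrvRecord(NamedTuple):
    service: str
    protocol: str
    name: str
    ttl: int
    priority: int
    weight: int
    port: int
    target: str

def parse_srv(line: str) -> SrvRecord:
    """Parse: _Service._Protocol.Name Ttl Class SRV Priority Weight Port Target"""
    owner, ttl, rr_class, rr_type, prio, weight, port, target = line.split()
    if rr_class.upper() != "IN" or rr_type.upper() != "SRV":
        raise ValueError(f"not an IN SRV record: {line!r}")
    service, protocol, name = owner.split(".", 2)
    if not (service.startswith("_") and protocol.startswith("_")):
        raise ValueError(f"owner lacks _Service._Protocol labels: {owner!r}")
    return SrvRecord(service[1:].lower(), protocol[1:].lower(),
                     name.rstrip(".").lower(), int(ttl), int(prio),
                     int(weight), int(port), target.rstrip(".").lower())

def audit(lines, expected_targets, expected_ports):
    """Return (record, reason) for each SRV record that points at a host or
    port outside what the domain's administrators expect."""
    findings = []
    for line in lines:
        line = line.split(";", 1)[0].strip()  # drop zone-file comments
        if not line:
            continue
        rec = parse_srv(line)
        if rec.target not in expected_targets:
            findings.append((rec, "unexpected target host"))
        elif expected_ports.get(rec.service) not in (None, rec.port):
            findings.append((rec, "unexpected port"))
    return findings

# Constructed sample: the first line is the slide's example, the rest are made up.
SAMPLE = """\
_ldap._tcp.contoso.msft 600 IN SRV 0 100 389 london.contoso.msft
_kerberos._tcp.contoso.msft 600 IN SRV 0 100 88 london.contoso.msft
_ldap._tcp.contoso.msft 600 IN SRV 0 100 389 unknown01.contoso.msft
_ldap._tcp.contoso.msft 600 IN SRV 0 100 3389 london.contoso.msft
""".splitlines()

FINDINGS = audit(SAMPLE, {"london.contoso.msft"}, {"ldap": 389, "kerberos": 88})
```
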
12
Configuring Zones for Dynamic Updates
  • DNS Dynamic Update Protocol
  • Allows clients to automatically update DNS
    servers
  • Can be used in conjunction with DHCP

Diagram (DHCP Server, client, DNS Server):
  • Request for IP address
  • Assign IP address of 192.168.120.133
  • DHCP updates reverse resource record for Windows
    XP / 2003 clients and both resource records for
    other clients
  • Windows XP / 2003 client updates forward
    resource record on DNS server

13
What Are Active Directory Integrated Zones?
Active Directory Integrated Zones
  • Are primary and stub DNS zones that are stored as
    objects in the Active Directory database
  • Can be stored in an application or a domain
    partition
  • Offer the following benefits
  • Multimaster replication
  • Secure dynamic updates
  • Standard zone transfers to other DNS servers

14
Removing Active Directory
  • Remove Active Directory by
  • Using the Active Directory Installation Wizard
  • Providing appropriate administrative credentials
  • The Active Directory Installation Wizard Performs
    Specific Removal Operations Depending on the Type
    of Domain Controller

15
What Is a User Principal Name?
  • A logon name that is used only for logging on to
    a Windows Server 2003 network
  • Advantages
  • Unique in Active Directory
  • Can be the same as a user's e-mail address

suzanf@contoso.msft
16
What Are Directory Partitions?
Contains
Definitions and rules for creating and
manipulating objects and attributes
Forest
Information about the Active Directory structure
Information about domain-specific objects
Domain
Configurable replication
Information about applications
Active Directory Database
17
What Is a Schema?
  • A forest-wide definition of object classes and
    attributes that can be extended
  • Schema changes can be redefined or deactivated

18
What Are Distinguished Names?
Distinguished names identify an object's domain
and path to reach it
Relative distinguished name
CN=Suzan Fine,OU=Sales,OU=Finance,DC=contoso,DC=msft
19
What Is the Global Catalog?
  • A repository that contains a subset of the
    attributes of all objects in Active Directory

20
Creating a Global Catalog Server
  • Global Catalog Provides
  • Universal group membership information for the
    account
  • Domain information when using user principal
    names during logon

21
When to Customize a Global Catalog Server
Diagram (Global Catalog Server):
  • Common Attributes: firstName, lastName, email address, accountExpires, distinguishedName
  • Changed Attributes: department, firstName, lastName, email address, accountExpires, distinguishedName
  • Create additional attributes
  • Add only the additional attributes that you query
    or refer to frequently
22
Adding Object Attributes to the Global Catalog
23
What Is Forest and Domain Functionality?
Enable forest-wide or domain-wide Active
Directory features