Active Directory

Submitted By makenna1
Implementing Windows Server 2003 Active Directory
Judith Che
Strayer University of Maryland

Author Note
Judith Che, Strayer University of Maryland.
Any questions regarding this article should be addressed to Judith Che.
Strayer University Maryland, White Marsh, MD 21085.

Companies today rely on good networking in order for their business to grow and succeed. A system engineer requires the ability, knowledge, and skill to plan and manage today’s networks, which face an ever-increasing variety of applications. We need to be skilled and informed to manage a network running Windows Server 2003 Active Directory. Present-day network administrators have difficulty ensuring that network resources are available to users when access is needed, and securing the network in such a way that available resources are accessible to the proper user with the proper permission. We will have to solve networking problems including troubleshooting, configuration, installation, administration, and management. These start with choosing the Windows Server 2003 edition that will best meet the company’s needs in terms of price, performance and features, and run from workgroup woes, name resolution nightmares and DNS name conflicts to server security. These problems can be solved with proper planning, management, and design of the day-to-day administration of an Active Directory domain within the Windows Server 2003 network environment. We predict that implementing Windows Server 2003 Active Directory will meet and exceed company goals. We show this by detailing the crucial role it plays in providing a secure and operational network, including the use of technical tools to manage, troubleshoot, and maintain the network system.
Active Directory was first introduced in the Windows 2000 Server products and has been improved in Windows Server 2003 to include advanced scalability, performance, and management features that make it easy for network administrators to manage any kind of complicated task and network environment. In the world today, the evolution of technology is skyrocketing, and Active Directory gives an organization’s network environment greater flexibility in designing, managing and deploying the organization’s directory. Active Directory provides all these services and features, which are very important in today’s network environment as directory-enabled applications are developed every day. Active Directory is the native directory service included in the Windows Server 2003 and Microsoft Windows 2000 Server operating systems. Microsoft’s Active Directory is a directory service that allows users and computers to communicate or look up information on the network, such as users, phone numbers, and email addresses. In addition, Active Directory provides centralized and secure management of an entire network environment, whether in a building, a city or many sites around the world. Active Directory plays a crucial role in an organization’s network environment because the information stored in it must be correct and secured to enable the proper functioning of the organization. Active Directory stores information such as user accounts, which hold users’ identification profiles on the network, and collections of user accounts that use the same resources and require access to them. Active Directory also plays an important role in defining security policies; these policies determine how passwords are handled and how data is encrypted.
Active Directory is important to an organization’s network environment because it provides better services and features, including proper logon and password authentication for users and a vital central point for storing data and for organizing, controlling and managing network objects such as users, groups and computers. In addition, Active Directory acts as a single point of administration for objects in an organization, including users, groups and computers and all Active Directory-published resources such as shared files and printers. Active Directory provides an organization’s network environment with delegation of administration, which allows decentralized administration of Active Directory objects such as groups and users. A system engineer for an organization that uses Windows Server 2003 Active Directory has two goals in mind: first, to ensure that network resources like printers, folders and files are available to users; second, to secure the network by granting the proper permissions to users.
Active Directory is a crucial tool for an organization because it provides a solid foundation for other services, which is cost-efficient for the organization and in turn allows the company to centrally manage its network environment. As system engineers, when moving into a centrally managed, highly integrated IT network environment that supports cost-efficient and effective delivery of business capabilities and solutions, we need to look first at Active Directory.
Before looking at Active Directory on a Windows Server 2003 network environment, we need to consider the proper Windows Server 2003 edition that will be cost-efficient for the organization and help the company achieve the greatest return on its server investment. In today’s business, a wide variety of needs makes it difficult for a single operating system to include all required features. Windows Server 2003 comes in a family of four editions; each edition is differentiated from the others by features and limitations, which make it suitable for different server environments. Windows Server 2003 Enterprise Edition is designed for mission-critical server workloads for medium to large enterprises; it is the best choice for highly available applications, web services, and infrastructure. In addition, Windows Server 2003 Enterprise Edition delivers high reliability, superior business value, and extraordinary performance. Enterprise Edition is advantageous to growing companies because it provides the ability to scale critical applications both up and out, allowing them to meet changing demands in business transactions. Enterprise Edition comes with some unique features, which are:

Table 1.1 Windows Server 2003, Enterprise Edition: system requirements and feature support (Dan DiNicolo and Brian McCann, 2006).

| Feature | Value |
| --- | --- |
| Minimum CPU speed | 133 MHz (x86), 733 MHz (Itanium) |
| Recommended minimum CPU speed | 733 MHz |
| Minimum RAM | 128 MB |
| Recommended minimum RAM | 256 MB |
| Maximum RAM supported | 32 GB (x86), 64 GB (Itanium) |
| Multiprocessor support | Up to 8 CPUs |
| Operating system disk space requirements | 1.5 GB (x86), 2.0 GB (Itanium) |
| Clustering support | Up to 8 nodes |
| Itanium support | Yes |
| Active Directory support | Domain controller, member server |
| Supported upgrades (x86 only) | Windows NT 4.0 Server (SP5), Windows NT 4.0 Terminal Server Edition (SP5), Windows NT 4.0 Enterprise Edition (SP5), Windows 2000 Server, Windows 2000 Advanced Server, Windows Server 2003 Standard Edition |

Before a company decides to commit or rule out further purchases, it should consider the fact that this edition supports the Itanium platform and up to 8-way clustering that can scale to a maximum of eight processors; additionally, it supports more RAM than Standard Edition. Before installing Windows Server 2003 Enterprise Edition, we should ensure that all the hardware on the computers is compatible with the operating system, do a proper inventory by determining whether there is a currently installed version of Windows Server 2003, and get familiar with the Windows Server 2003 Enterprise Edition we are about to install.
As a network administrator for a large company, when implementing Active Directory in Windows Server 2003 the following should be considered: Active Directory on a Windows Server 2003 network environment, the application modes of Active Directory, Active Directory structure and storage technologies, domain controllers and their roles, replication technologies, search and publication technologies, and how to install, upgrade and migrate Active Directory in a network environment.
Medium to large organizations with distributed computing environments require their networked computers and other devices to communicate over remote connections in order to accomplish their daily tasks through client/server applications. Network administrators in distributed computing environments need a central repository of information and integrated services that will enable them to manage network services, devices, users and all information that they want to store. The main goal of any organization is to grow, and with growth it faces many challenges and problems, for example the need to secure networking systems and centralize management systems for the organization. It also needs a way to manage its network services and resources.
A directory service like Active Directory provides organizations with a centralized location in a distributed computing environment to store data about their network and services and about all users in the company who use these devices. In addition, Active Directory helps organizations implement the services that ensure the information is distributed and available to all computers, applications and users. Active Directory, in other words, is like a database storage system with a set of services that enables a network administrator to securely delete, modify and locate data in the directory store.
Active Directory in an organization can be used in the following ways: as an internal, external or application directory. An internal directory is what the organization uses inside the corporate network to publish information regarding users and resources. An internal directory gives employees of the company the ability to access the company network securely using a secure connection such as a virtual private network (VPN) connection. A virtual private network uses a public network to transmit private information, but it is not available to non-employees. The information is kept secure by encryption, which keeps unauthorized people from reading the information as it makes its way through the public network. This is cost-efficient for organizations because they can use an inexpensive public network, for example the internet, to transmit information instead of an expensive private network. An organization can use an external directory to provide business clients and customers with information regarding its products. These directories are usually used to store information about customers and business partners. External directories are mostly found on a server in the perimeter network between the public internet and the corporate local area network. Replication traffic is a problem faced by most networking systems. This problem can be solved by using an application directory. An application directory stores private directory information that is important to the application in a local directory or on the same server as the application, and does not require additional configuration of Active Directory. This personalized data, which is important solely to the portal application and does not need to be replicated, can be stored directly in the directory associated with the application.
Active Directory is the original service that comes with the Windows Server 2003 operating system. It holds all the information available in the Windows Server 2003 operating system. Figure 1.1 shows the role Active Directory plays in a Windows Server 2003 network and how it is used to manage identities and broker the relationships between distributed resources so that they can work closely together.

Active Directory provides the following advantages to an organization’s network environment.
Active Directory provides a central point for network administration and delegation of administrative authority. Active Directory gives network administrators ease of management and application of security and group policy by granting them access to objects representing all network users, devices and resources, and the ability to group these objects. Active Directory provides a location for network administrators to store, organize, manage and control network objects such as computers, users, and groups. Network administrators need to have the skills and understanding of group policy in order to incorporate it into the organization’s Active Directory structure. This enables them to easily manage and control various configurations, for example user desktop settings, desktop and domain security, and the deployment and management of software.
CASE SCENARIO
As network administrators, we are asked by the IT manager to create a new GPO using Group Policy Object Editor MMC snap-in.
First, we need to sign in to our administrator account. Then click Start, Run, type MMC and press Enter. Next, click File on the menu bar, and click Add/Remove Snap-in.
Click Add; in the snap-in dialog box, click Group Policy Object Editor and click Add. Once in the Select Group Policy Object box, click Browse. Click all tabs to display a list of all GPOs that currently exist. Right-click a blank area and click next. Rename the new GPO with the name you choose and press Enter, then click OK and then Finish.
Click Close at the Add Standalone Snap-in window and click OK at the Add/Remove Snap-in window. Group Policy Objects can also be applied to domains, sites and organizational units.
Every organization knows that good management is essential for all modern networks. As network administrators, implementing Active Directory on Windows Server 2003 will enable us to effectively manage a potentially chaotic group of resources, for example user accounts, shared printers and shared folders. Active Directory not only makes the lives of network administrators easier, it also makes the lives of users easier by providing a hierarchy of management elements that allows us to organize resources, advertise their existence and control access to them. Active Directory provides information on security and single sign-on for user access to all network resources. The user account is the basic unit of any Active Directory environment. A user account holds the key to all the information about a user. If a user account is not defined in Active Directory, the user cannot log on or gain access to network resources. User accounts are not only necessary for authentication but are also used to describe the user associated with the account. User accounts hold information about individuals and various configuration settings for their working environment. Active Directory stores a user account object, and it contains all the information that defines a user with access to the network. User accounts are important because they assist in the administration and security of the network by demanding proper authentication for users connecting to the network, controlling access to network resources like shared printers and folders and, most importantly, monitoring access to resources by auditing the activities of users logged on with a specific account. Active Directory provides an organization with integrated security that eliminates costly tracking of accounts for authentication and authorization between systems.
Establishing a naming convention is essential when creating a new user account because a single user name and password combination will not only identify each network user but also follow the user throughout the network. Naming conventions can go by first name and last initial, first initial and last name, or last name and first initial.
Active Directory provides scalability to a network environment. An Active Directory contains one or more domains, where each domain has one or more domain controllers. This enables a network administrator to scale the directory and meet any network requirements. A domain is mainly a logical group of computers that is generally characterized by centralized authentication and administration. A Windows Server 2003 Active Directory stores user, group and computer accounts in a centralized directory database. The directory purposely centralizes both authentication and administration, while the database itself is stored on one or more computers configured in a role called a domain controller. Domain controllers are members of a domain and are configured explicitly in Windows Server 2003 to store a copy of the Active Directory database and to service user authentication requests about domain objects. Most organizations prefer to dedicate their servers to the role of domain controller; others prefer to use their domain controllers to provide print, file, application and network services on the network as well. Whichever roles an organization assigns to its domain controllers will depend on the current usage of the server and on whether it has sufficient resources available to handle those roles. Windows Server 2003 Standard Edition can be configured as a domain controller.
Active Directory provides flexibility and global search to a network environment. With its many new services and features, network administrators and users can use desktop tools to search Active Directory through the global catalog, which provides forest-wide search capabilities.
Active Directory plays a great role in storing application data. Active Directory has a centralized location to store data, and the data can be shared between or with applications that need to distribute their data across the entire network environment. Active Directory in a network environment provides secure and cost-efficient replication between domain controllers by systematic synchronization of directory updates throughout the network.
Active Directory enables users and administrators with proper permission to connect to any domain controller remotely from any computer where administrative tools are installed. Organizations today rely on remote access to give users outside an office access to resources on the internal network. For example, organizations with business travelers such as vendors would find that those travelers lack the basic resources necessary to do their jobs if they did not have remote access to the network. Remote access is essential because it gives mobile users such as vendors access to resources on the internal network, such as files, printers, e-mail and databases, to retrieve or send information. Remote access is cost-efficient and time-saving for an organization; for example, a computer problem that occurs after work hours can be fixed remotely by a network administrator at home, saving hours of valuable time. A virtual private network will be a perfect choice for an organization because it uses a relatively inexpensive public network as compared to a relatively expensive private network. Even though a virtual private network has some drawbacks, including the security risk involved in allowing access to network resources from the internet, an organization will gain from its high-speed capabilities and the reduced maintenance fees gained by eliminating modem pools.
Active Directory provides a means for application data to be stored in a centralized location so that it can be shared between applications and with applications that need to distribute their information across the entire Windows network. The directory service provided by Active Directory is divided into several layers, including the Extensible Storage Engine (ESE), the Database layer and the Directory Service Agent (DSA). On top of these three layers, we have the Lightweight Directory Access Protocol (LDAP), Replication and SAM. LDAP is used to provide communication to other services. Figure 1.2 shows the layers of Active Directory physical storage. Adjacent layers communicate with each other. The Extensible Storage Engine is the layer that actually accesses the Active Directory store. This layer is responsible for the manipulation of database files. The ESE deals mostly with nonhierarchical forms of data, while the Database layer is responsible for providing an object-oriented hierarchy of all the objects found in Active Directory. The Database layer communicates only with the DSA layer. The Directory Service Agent is responsible for enforcing the rules that govern how objects in Active Directory are manipulated and created.
Active Directory provides systematic synchronization of directory updates in a Windows Server 2003 network environment. Active Directory is equipped with a replication topology, which is the combination of paths used to replicate changes between domain controllers. When changes are made on a domain controller, they are not communicated directly to each domain controller. After a while, the updates are propagated to every domain controller that hosts a given naming context. Thanks to the ability of Active Directory to systematically synchronize updates, the updates can be distributed throughout the organization’s network through secure and inexpensive replication between domain controllers.
All Active Directory objects are defined in the Active Directory schema. This single, modifiable and extensible schema is a set of objects and rules that provides Active Directory with its structure requirements. The schema in Windows Server 2003 defines the objects for the whole Active Directory structure. In addition, the Active Directory schema can be modified to implement new types of objects or object properties. However, there is only one schema for a given Active Directory implementation, and this schema is replicated among all domain controllers within the organization’s network.
Objects represent all the network resources in an organization and are used to store and reference data in the directory. For a single forest, the Active Directory database file (Ntds.dit) provides the physical storage for all Active Directory objects.
Active Directory replication enables updates made to data in the directory to be automatically distributed to the appropriate domain controllers. Active Directory replication provides a data repository that is logically centralized, enabling a single point of administration, while the physical distribution provides synchronization across multiple domain controllers all around the network.
Windows Server 2003 ships with a Microsoft Domain Name System (DNS) service that is specifically designed to support the needs of Active Directory. Windows Server 2003 uses DNS for name resolution. For computers in a network to contact another computer, they need to use numbers instead of friendly names; name resolution resolves these friendly names into numbers so that computers can use them to communicate with other computers. DNS is the primary name resolution method on Windows Server 2003, and it is the same system used on the public internet. Furthermore, in order to locate domain controllers that are running Active Directory, or a server that is running a given service, client computers can query DNS and obtain the addresses of one or more servers running the requested service. Active Directory needs DNS to function correctly because it uses DNS to implement an IP-based naming system in order that Active Directory services and domain controllers can be located over standard IP both on the intranet and on the internet. Active Directory requires DNS to store service location information. An IP address contains the information needed to contact a remote system on an IP network. IP addresses are also used to determine on which computer network a particular computer is located and for which computer on that network the data is destined. An example of a DNS naming convention would be omegacorp.net, and its child domain would be asai.omegacorp.net.
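The lookup described above, in which a client queries DNS for the servers running a service, is carried by DNS service (SRV) records. The following Python sketch is an added example, not part of the original essay: it builds the name a client asks for and orders the answers by priority and weight as RFC 2782 specifies. The zone lines, the host names dc1 to dc3 and all function names are constructed for illustration.

```python
"""Locate domain controllers from DNS service (SRV) records (added example)."""
import random
from dataclasses import dataclass


@dataclass(frozen=True)
class SrvRecord:
    priority: int  # lower value is tried first
    weight: int    # relative share among records of equal priority
    port: int
    target: str


def dc_locator_name(domain: str, site: str = "") -> str:
    """Owner name of the SRV records that list a domain's controllers."""
    domain = domain.strip(".")
    if not domain:
        raise ValueError("empty domain")
    if site:
        return f"_ldap._tcp.{site}._sites.dc._msdcs.{domain}".lower()
    return f"_ldap._tcp.dc._msdcs.{domain}".lower()


def parse_srv_line(line: str):
    """Parse 'owner TTL IN SRV prio weight port target'; None if not SRV."""
    fields = line.split()
    if "SRV" not in fields:
        return None
    idx = fields.index("SRV")
    if len(fields) < idx + 5:
        return None
    try:
        priority, weight, port = (int(x) for x in fields[idx + 1:idx + 4])
    except ValueError:
        return None
    owner = fields[0].rstrip(".").lower()
    target = fields[idx + 4].rstrip(".").lower()
    return owner, SrvRecord(priority, weight, port, target)


def order_srv(records, rng):
    """RFC 2782 ordering: ascending priority, weighted random within one."""
    ordered = []
    for prio in sorted({r.priority for r in records}):
        # Zero-weight records go first so they are picked only rarely.
        pool = sorted((r for r in records if r.priority == prio),
                      key=lambda r: r.weight != 0)
        while pool:
            pick = rng.randint(0, sum(r.weight for r in pool))
            running = 0
            for i, rec in enumerate(pool):
                running += rec.weight
                if running >= pick:
                    ordered.append(pool.pop(i))
                    break
    return ordered


def locate_dcs(zone_text: str, domain: str, site: str = "", seed=None):
    """Return the domain's LDAP SRV records in the order a client tries them."""
    wanted = dc_locator_name(domain, site)
    records = []
    for line in zone_text.splitlines():
        parsed = parse_srv_line(line)
        if parsed and parsed[0] == wanted:
            records.append(parsed[1])
    return order_srv(records, random.Random(seed))


# Constructed sample data in zone-file form for the essay's omegacorp.net.
SAMPLE_ZONE = """\
_ldap._tcp.dc._msdcs.omegacorp.net. 600 IN SRV 0 100 389 dc1.omegacorp.net.
_ldap._tcp.dc._msdcs.omegacorp.net. 600 IN SRV 0 100 389 dc2.omegacorp.net.
_ldap._tcp.dc._msdcs.omegacorp.net. 600 IN SRV 10 100 389 dc3.omegacorp.net.
_kerberos._tcp.dc._msdcs.omegacorp.net. 600 IN SRV 0 100 88 dc1.omegacorp.net.
"""

if __name__ == "__main__":
    print("query:", dc_locator_name("omegacorp.net"))
    for rec in locate_dcs(SAMPLE_ZONE, "omegacorp.net"):
        print(rec.priority, rec.weight, rec.port, rec.target)
```

The two priority-0 controllers share the load in random order, and dc3 is contacted only when both of them fail to answer.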
In a small organization, implementing DNS is easy. During the process of installing Active Directory, if no DNS has been configured for the domain, the Active Directory wizard gives you the option of installing DNS during the installation of Active Directory. In a larger organization, DNS is often installed on multiple servers. In implementing DNS, you have to add DNS on each of these servers individually by using Add or Remove Programs, because DNS is not automatically added when member servers are promoted to domain controllers. An important point to remember when installing DNS on Windows Server 2003 is that you must have a static IP address configured on your server before the installation. Typically, a workstation that requires access to the internet will need an IP address to identify its chosen DNS server. If network administrators configure a workstation manually, then we have to enter the DNS server’s IP address, but if we configure the workstation automatically with Dynamic Host Configuration Protocol (DHCP), then the DNS server’s IP address is normally provided by the DHCP server. If the workstation is configured automatically and needs to look up an IP address, it will use the IP address of its DNS server to send a query to the DNS server. It is time-consuming and hard work for a network administrator to configure an IP address for each workstation. DHCP reduces the amount of time used in configuring workstations and is used to automatically configure the TCP/IP protocol on workstations. DHCP is advantageous to an organization because it reduces the amount of time a network administrator spends configuring computers on the network.
Because Active Directory supports the Lightweight Directory Access Protocol (LDAP), which is an industry-standard directory access protocol, the organization will gain wide accessibility to management and query applications. LDAP is used extensively with Active Directory, and it is important for network administrators to understand how to use LDAP naming paths. The two LDAP versions supported by Active Directory are LDAPv3 and LDAPv2. Active Directory Application Mode (ADAM) is an LDAP directory service designed specifically for directory-enabled applications. Even though Active Directory offers numerous benefits to an organization, like managing network infrastructure, some organizations prefer a more flexible directory service to support directory-enabled applications. ADAM is a directory service designed for organizations that do not want to use Active Directory alone to provide directory services for their directory-enabled applications.
Windows Internet Naming Service (WINS) plays an important role in a Windows Server 2003 network environment. A large organization with the ability to afford an expansive WAN will require several WINS servers, installed individually on each server. Windows Server 2003 has the ability to act as a WINS server through the WINS service. Because WINS is never installed automatically on Windows Server 2003, we will have to use Add or Remove Programs. When implementing multiple WINS servers, we have to configure replication between them; this enables the WINS servers to contain the same information.
Active Directory uses several components that provide a means to design and administer the hierarchical logical structure of an organization’s networking environment. Active Directory uses these logical structures to represent the directory hierarchy. The Active Directory logical structure is made up of domains and organizational units, trees and forests, and trusts. In order to effectively manage, troubleshoot and maintain a network, a network administrator needs to understand these logical structures and how they communicate with each other. Windows Server 2003 domains are used to manage the various populations of users, computers, groups and printers that are part of an organization’s network and share a common directory database. Thus your organization will benefit from numerous advantages, including decentralized administration, a unique ability to configure security settings and, most importantly, control of replication traffic in your organization’s network environment. An organizational unit is used to organize objects within a single domain; these objects include users, groups, computers and any other organizational units that can be stored in an organizational unit container.
CASE SCENARIO
The IT manager wants us to organize our users based upon the department in which they work.
For example, we have a post-judgment department, a suite department and a bookkeeping department. In this case, we will have to create separate units to store the users and objects. We will have to create a post-judgment organizational unit to store all of our post-judgment users and objects, create a suite organizational unit to store all our suite department users and objects, and create a bookkeeping unit to store all our bookkeeping users and groups. This separation of departments into organizational units will make it easy for us as network administrators to locate and manage Active Directory objects, and will allow us to apply Group Policy settings to define more advanced features like software deployment and desktop restrictions based upon the different departments, locations or job functions. Moreover, another advantage an OU provides to an organization’s network is the ability to delegate administrative control over organizational units. Organizational units can be created within domains to subdivide the various divisions of administration.
Figure 1.3 demonstrates the structure of a domain with several organization units.

While domains are used to manage different populations of users, computers and network resources, the forest represents the security boundary for an Active Directory. The forest root domain is the first Active Directory domain created in an organization, and the forest is a collection of trees that do not share a contiguous DNS naming structure. A global catalog is shared throughout the forest; it is an index and partial replica of the objects and attributes that are most used throughout the entire Active Directory structure. When a transitive trust is created, all other trusted domains implicitly trust one another. While the logical structure of Active Directory is made up of domains, organizational units, trees, forests and trusts, the physical component is made up of domain controllers, sites and site links. Active Directory’s logical structure is a two-dimensional definition: it is viewed as a hierarchy, but the objects are actually stored in a flat database file. The container includes its own name and the name of the object above it in the hierarchy. The container stores the name of its superior container up to the root container. This makes it easy for network administrators to view the tree of the container using Active Directory tools. This hierarchical naming system makes the objects in the tree look as if they are nested inside each other.
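The LDAP naming paths mentioned earlier and the container hierarchy described above can be shown by building distinguished names (DNs) for the department organizational units of the case scenario. This Python example is added here and is not from the original essay; the OU names, the user Jane Smith and all function names are assumptions made for illustration.

```python
"""Build and walk LDAP distinguished names for an OU hierarchy (added example)."""

# Characters that RFC 4514 requires to be backslash-escaped in an RDN value.
_ESCAPE_ANYWHERE = '"+,;<>\\'


def escape_rdn_value(value: str) -> str:
    """Escape one attribute value so it cannot alter the DN's structure."""
    if not value:
        raise ValueError("empty RDN value")
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch in _ESCAPE_ANYWHERE:
            out.append("\\" + ch)
        elif ch == "\x00":
            out.append("\\00")
        elif (i == 0 and ch in " #") or (i == last and ch == " "):
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)


def domain_to_dn(dns_name: str) -> str:
    """Map a DNS domain name to its naming path: omegacorp.net -> DC=omegacorp,DC=net."""
    labels = [label for label in dns_name.strip(".").split(".") if label]
    if not labels:
        raise ValueError("empty DNS name")
    return ",".join("DC=" + escape_rdn_value(label) for label in labels)


def ou_dn(ou_path, dns_name: str) -> str:
    """DN of an OU; ou_path lists OUs from the top of the domain downward."""
    rdns = ["OU=" + escape_rdn_value(name) for name in reversed(ou_path)]
    return ",".join(rdns + [domain_to_dn(dns_name)])


def user_dn(common_name: str, ou_path, dns_name: str) -> str:
    """DN of a user object stored in the given OU."""
    return "CN=" + escape_rdn_value(common_name) + "," + ou_dn(ou_path, dns_name)


def split_dn(dn: str):
    """Split a DN into RDNs, treating backslash-escaped commas as data."""
    rdns, current, i = [], [], 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            current.append(dn[i:i + 2])  # keep the escape pair together
            i += 2
            continue
        if dn[i] == ",":
            rdns.append("".join(current))
            current = []
        else:
            current.append(dn[i])
        i += 1
    rdns.append("".join(current))
    return rdns


def superior_containers(dn: str):
    """Each container above the object, ending at the domain root."""
    rdns = split_dn(dn)
    chain = []
    for i in range(1, len(rdns)):
        chain.append(",".join(rdns[i:]))
        if rdns[i].upper().startswith("DC="):
            break  # reached the domain naming context
    return chain


DOMAIN = "omegacorp.net"  # domain name used in the essay
DEPARTMENT_OUS = ["Post-Judgment", "Suite", "Bookkeeping"]  # constructed OU names

if __name__ == "__main__":
    for ou in DEPARTMENT_OUS:
        print(ou_dn([ou], DOMAIN))
    dn = user_dn("Smith, Jane", ["Bookkeeping"], DOMAIN)  # constructed user
    print(dn)
    for container in superior_containers(dn):
        print("  under", container)
```

Escaping matters for security as well as correctness: a display name containing a comma would otherwise be read as an extra container and could place or resolve the object in a different OU than the administrator intended.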
Microsoft has included in Windows Server 2003 Internet Information Services (IIS), which provides the essential Web-related services that are greatly needed by an organization. IIS enables an organization to create an effective and secure internet and intranet presence. Internet Information Services (IIS) is a web server that provides Web-related services to an organization’s Windows Server 2003 networking environment. Before we install and configure IIS, we need to ensure that the operating system is secured by means of a firewall or antivirus. We also need to make sure that we do not have any ports open in the firewall before the installation. After the installation and configuration of IIS, we still need to maintain and update the server by performing regular backups, applying updates and stopping and starting IIS-related services. During a regular installation of Windows Server 2003, IIS 6.0 is not installed by default; we have to manually install individual IIS components through the Add or Remove Programs applet in Control Panel. An IIS server is important to an organization because it provides the highest degree of security for its network resources. In addition, IIS 6.0 is locked down to provide more security and offers enhanced scalability and improved load balancing. Internet Information Services is made up of four main parts: the World Wide Web (HTTP) service, which can host multiple Web sites accessible from the internet or an intranet; the File Transfer Protocol (FTP) service, which can be installed and configured to copy files between the server and remote locations; the Network News Transfer Protocol (NNTP) service, which can maintain a list of topics and threaded discussions between users (for example, partners of an organization can set up a newsgroup where they can post messages and employees can read them); and finally the Simple Mail Transfer Protocol (SMTP) service, which provides e-mail capabilities.
In an organization with a corporate intranet, IIS 6.0 will provide employees with many interactive online company resources like employees handbook, and department meeting minutes, with applications such as Office XP employees can enjoy team collaboration, and web based application such as how to fill out forms. An organization with an internet presence will provide employees with an additional customer service, online ordering and dynamic company information and news.
Windows Server 2003 supports two data storage types dynamic and basic storage. In addition, Windows Server 2003 supports a wide variety of disk fault tolerance features such as the different Redundant Array of Independent Disk (RAID) strategies. During the installation of Windows Server 2003 basic disk are installed automatically. The main difference between a basic disk storage and a dynamic disk storage is that basic disks are disk partitioned in four and uses logical drive designs while dynamic disk does not use traditional partitioning. With dynamic disk, there are no limits on the number of volumes that can be set up on one disk. Dynamic disk has the ability to extend volumes onto additional physical disk. RAID provides disk performance and fault tolerance strategies that can be implemented on a Windows Server 2003 system with numerous hard disks installed.
Network administrators are faced with the task of managing and modifying users account in a daily bases. Active directory provides network administrators with the following advantages.
Active directory supports multiple authentication protocols. It provides extendibility, flexibility and scalability. Easy resource identification. Active Directory provides automatic replication of information between the domain controllers. It provides identification and migration through integration with DNS services for all its operations. Easy administration of group policies and permissions. Active Directory provides full-integrated security for user's logon and authentication

Conclusion
This article covers the main features and capabilities of Windows Server 2003 and Active Directory, which provide significant advantages to medium or large organizations interested in increasing their user productivity, simplifying administrative tasks, lowering the cost of ongoing operations and improving the performance, reliability and security of their networking system. Organizations implementing Windows Server 2003 Active Directory have seen an increase in their IT staff job performance and less time spent keeping their network operational. Thanks to Active Directory, IT staff now spend more time improving the functionality of their network to ensure employee efficiency and business effectiveness, all of this made possible by the simplification that automated and centralized administration tools and technologies bring. Furthermore, organizations benefit from the integrated tools and technologies in Windows Server 2003 Active Directory for encrypted communications and policy implementation, which give users the ability to enhance their privacy and security for stored information and communication. This makes it easy for administrators to install and configure applications without having to go through all the computers in the network. Organizations today depend greatly on their network performance. Active Directory provides an organization with built-in data mirroring and fault tolerance technologies to maintain and improve their system uptime, and the ability for users to recover lost files simplifies data restoration tasks.
Finally, organizations that upgrade or migrate to Windows Server 2003 Active Directory will be able to increase their user productivity and improve the reliability and integrity of their data. This will simplify daily tasks for their network administrators and ensure that the storage, communication and access of their network are kept as secure and private as possible, which is a dream come true for any organization.

