33. Contents
Active Directory
Features of Active Directory
Active Directory Logical Components
Active Directory Physical Components
FSMO Roles
34. What Is Active Directory?
Active Directory
Directory service
Centralized management functionality
Organize
Manage resources
Control
Single point of administration
35. Features
Store Information
Use DNS
Authentication and Authorization
Group policies
Replication
36. SINGLE POINT OF AUTHENTICATION
Before directory services: Server1, Server2, Server3 (a separate logon to each server)
After directory services: Active Directory, single sign-on
38. Domains
Logical partition in Active Directory database
Collections of users, computers, groups, and so on
Manage objects
Replication
(Diagram: a Windows 2000 or Windows Server 2003 domain)
39. TREES, FOREST AND OU
(Diagram: the forest root and tree root HP.com is the parent domain of a domain tree, with the child domains west.HP.com and east.HP.com beneath it; MPHASIS.com is the root of a second tree in the same forest; organizational units (OUs) sit inside the domains.)
41. Domain Controllers
Writable copy of the AD database
Domain controllers provide authentication and
authorization services
Domain controllers replicate directory partitions
Every domain controller in the forest has a
replica of schema and configuration partition
42. Sites
Collection of well connected IP subnets
Areas of “fast” network connectivity
A single site may contain many domains
A single domain may span many sites
Domain controllers are associated with a given site
43. Global catalog
The global catalog is a domain controller that contains attributes
for every object in the Active Directory.
The commonly used attributes needed in queries, such as a user's
first and last name, and logon name.
All the information or records which are important
to determine the location of any object in the
directory.
All the access related permissions for every
object and attribute that is stored in the global
44. Flexible Single Master Operations
Most operations in Active Directory are multi-master,
meaning that any domain controller can write to the
Active Directory database
Some functionality must not be performed in multi-
master fashion, so five single master operations
roles are defined in Active Directory:
Schema master
Domain naming master
RID master
PDC emulator
Infrastructure master
46. TABLE OF CONTENTS
Overview of DNS
DNS Responsibilities
DNS Delegation
DNS Queries
Root Hints & Forwarders
DNS zones
DNS Resource Record
Advantage & Disadvantages Of DNS
Installation Of DNS
Configuration Of DNS Server to Client
Summary
47. What is DNS?
Internet Protocol
Distributed database
Maps hierarchically organized keys to values
E.g. host name to IP address
Mailer records
Name space
48. DNS Namespace
(Diagram: the namespace tree starts at . (root); beneath it sit the top-level domains com, mil, org, edu, gov, net, arpa, uk and fr; beneath com are names such as 3com, dell and ati; beneath uk are co and ac; beneath ac are ox and ic; beneath ox are oucs, bnc and chem.)
49. DNS Responsibilities
DNS Database is distributed
No one server is responsible for the whole namespace
Given name server is responsible for part of the
namespace
Called a zone
Server is “authoritative” for the zone
50. Delegation of Authority
Each primary and secondary name server is authoritative
for its domain. For example, if a DNS server contains the
zone files for the Contoso.com domain, that server is the
authoritative name server for that domain.
Because it is the authoritative name server, the server will not
forward any queries about hosts in that zone to any other DNS
server.
51. DNS Queries
DNS has two types of queries:
Recursive Queries
Iterative Queries
52. Recursive Queries
A recursive query is one where the DNS server
will fully answer the query or give an error. DNS
servers are not required to support recursive
queries; the resolver, or another DNS server
acting recursively on behalf of another resolver,
negotiates the use of recursive service using bits in
the query headers.
53. Iterative Queries
The response to an iterative query can be either the
name resolution that the client requested or a referral to
another DNS server that might be able to fulfill the
request. In our example, the ISP’s DNS server sends an
iterative query to a root server asking for the IP address
for www.NAmerica.Contoso.com.
55. Root hints and Forwarders
The root hints table provides IP addresses of name servers
for the root domain
Starting point for iterative queries
A DNS server can be configured as a forwarder
Queries for information about which it is not
authoritative are forwarded to other name servers.
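As an added example, not taken from the slides, the header bits and referral behaviour of slides 51 to 55 in Python: the query for www.NAmerica.Contoso.com is built with the RD bit set (recursive) or cleared (iterative), and response headers are classified as a final answer, a referral to other name servers, or an error. The three sample response headers are constructed for the example, not captured.

```python
import struct

# DNS header flag bits (RFC 1035): QR=response, AA=authoritative answer,
# RD=recursion desired (set by the resolver), RA=recursion available (set by the server)
QR, AA, RD, RA = 1 << 15, 1 << 10, 1 << 8, 1 << 7
RCODE_MASK = 0x000F

def encode_name(name):
    """Encode a dotted host name into DNS label format (length-prefixed labels)."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"

def build_query(name, txn_id=0x1234, recursive=True):
    """Build a type A / class IN query; recursive=False clears RD, i.e. an iterative query."""
    flags = RD if recursive else 0
    header = struct.pack("!HHHHHH", txn_id, flags, 1, 0, 0, 0)  # QDCOUNT=1, other counts 0
    return header + encode_name(name) + struct.pack("!HH", 1, 1)

def parse_header(msg):
    """Decode the 12-byte header into its flags and section counts."""
    txn_id, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    return {"id": txn_id, "qr": bool(flags & QR), "aa": bool(flags & AA),
            "rd": bool(flags & RD), "ra": bool(flags & RA),
            "rcode": flags & RCODE_MASK, "qdcount": qd, "ancount": an,
            "nscount": ns, "arcount": ar}

def classify_response(msg):
    """Say what a server sent back: a final answer, a referral to other name servers,
    or an error. Only the header is inspected, which is enough to tell these apart."""
    h = parse_header(msg)
    if not h["qr"]:
        return "not a response"
    if h["rcode"] != 0:
        return "error (rcode=%d)" % h["rcode"]
    if h["ancount"] > 0:
        return "answer"
    if h["nscount"] > 0:
        return "referral"
    return "empty"

# Constructed sample response headers (not real captures), same transaction id as the query:
# a root server answering an iterative query with a referral (no answer, one NS record),
ROOT_REFERRAL = struct.pack("!HHHHHH", 0x1234, QR, 1, 0, 1, 1)
# the ISP's recursive server returning the final A record with RA set,
RECURSIVE_ANSWER = struct.pack("!HHHHHH", 0x1234, QR | RD | RA, 1, 1, 0, 0)
# and an authoritative server reporting that the name does not exist (RCODE 3, NXDOMAIN).
NXDOMAIN = struct.pack("!HHHHHH", 0x1234, QR | AA | RD | RA | 3, 1, 0, 1, 0)
```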
56. Name servers
A name server may be authoritative for more than one
zone
There should be a minimum of two name servers for a zone
One server is primary
“Start of authority” for the zone
Maintains a zone file which has information about the zone.
Updates are made to the primary server
The others are secondaries
Updates to the primary are replicated to the secondaries (zone
transfer)
Stub zones can be delegated to other name servers
57. Active Directory Integration
Forward Lookup Zones
Stores all Resource Records for Zone
Translates FQDN into IP Addresses
Required by AD to locate Services
59. Installing and Managing DNS
DNS Resource Records
Start of Authority (SOA)
Name Server (NS)
Host (A)
Alias (CNAME)
Mail Exchanger (MX)
Pointer (PTR)
Service Location (SRV)
60. Advantages of chosen AD DNS Setup
Main DNS remains secure
Host names controlled at central level
Client configuration remains unchanged
Only main DNS servers visible outside firewall
Allows dynamic DNS for DCs
DCs need this most
Can use Active Directory integrated zones
More secure
Multi master replication
61. Disadvantages of chosen AD DNS Setup
DNS queries carry no information about the client that
triggered the name resolution.
Ability to handle names does not increase with availability
of content.
62. Installing and Managing DNS
Installation Wizard
Simplifies Configuration of Server Roles
Installs Only Required Components
Ensures Secure Configuration
63. Steps to Configure DNS on Subsequent Domain Controllers
Ensure the DNS setup on first DC is correct and working before
installing other DCs
Disable secure updates for all sub domains on first DC
Ensure new server is configured to use only the first DC as DNS
server in its TCP/IP configuration
Promote server to domain controller
Make sure that its entries are registered in DNS
Enable secure updates for sub domains on first DC
If desired, install DNS on new DC
Set as its own DNS server in TCP/IP config
64. Problem Expected in D-2-D Operations
Name resolution
Network connectivity
The scope of the problem
Try pinging a host and note the error returned
SRV, CNAME and host file
66. Monitor DNS Server
Applications Manager provides in-depth availability and
performance monitoring of DNS (Domain Name System). It also
monitors individual attributes of the DNS monitor, such as
Response Time, Record Type, Record Available, Search Field,
Search Value, Search Value Status and Search Time.
67. Daily checklist
Ensure that the operating system is properly working & is
in the domain.
Ensure that administrator account is well protected.
Ensure that the DNS machine has been configured so
that no other service other than DNS is running.
Identify domains to be load balanced
Ensure delegation of the sub domain on the primary DNS for
use by the DNS Controller.
Ensure that all default shares have been unshared on that
machine and that no anonymous access to the services is
allowed.
Ensure that all unused ports are closed.
68. SUMMARY
Name resolution is the process of converting a
computer name to an address.
AD services require DNS to function on the
network.
Types of zones: primary, secondary and stub
zone.
AD integrated DNS services offer a more
efficient and secure zone than a traditional DNS
server.
Zone transfer occurs in traditional DNS zones.
Zone replication occurs in AD integrated zones.
70. Objectives
• Outline the benefits of using DHCP
• Describe the DHCP lease and renewal process
• Install and authorize the DHCP service
• Configure DHCP scopes
• Create DHCP reservations for client computers
• Configure DHCP options
• Understand and describe the purpose of a DHCP
relay
• Install and configure a DHCP relay
71. What is DHCP?
• It stands for Dynamic Host Configuration Protocol
• DHCP automatically assigns an IP address to the
computer
• The ipconfig /all command will indicate whether the
configuration came from a DHCP server
73. Leasing an IP Address
• An IP address is leased during the boot process
• Default lease period is 8 days
• Maximum lease period is 999 days
• Leasing an IP address is performed by the DORA process
74. DORA Process
• DORA stands for:
DHCP DISCOVER
DHCP OFFER
DHCP REQUEST
DHCP ACK
75. Simple network
(Diagram: DHCP clients, a router and a DHCP server; the clients send from UDP port 68 and the server listens on UDP port 67.)
DHCP protocol is mainly a 4-step process:
DHCP server discover (broadcast): “Hello Mr. Server, I need to connect to the Internet, could you be kind to hook me up with an IP address?”
DHCP server offer: “Ok dude, I got some pool of address, I lend you it. Check it out? Your IP: 123.45.78.6”
DHCP request: “Thank you Mr. Server, I like your offer. I will use it.”
DHCP acknowledge (unicast): “You’re welcome, here is your configuration but it’s only for 3 days.”
76. DHCP Message Types
DHCP Message Use
DHCPDISCOVER Client broadcast to locate available servers
DHCPOFFER Server to client response offering configuration parameters
DHCPREQUEST Client broadcast requesting offered parameters
DHCPDECLINE Client to server notification that IP address is in use
DHCPACK Server to client response confirming a request
DHCPNAK Server to client response denying a request
DHCPRELEASE Client to server request to relinquish IP address
DHCPINFORM Client to server request for configuration parameters
78. Renewing an IP Address
The IP address can either be permanent or timed
A permanent address is never reused for another client
Timed leases expire after a certain amount of time
Windows clients attempt to renew their lease after 50% of
the lease time has expired
A DHCP server may either honor or reject a renew request
80. Installation of DHCP
• Install DHCP on Windows Server 2003
• Make sure your network connection is statically
configured
• Install the service using the Add/Remove Windows
Components utility
83. Authorizing the DHCP Service
• Unauthorized DHCP servers can hand out bad
information
• DHCP will not start unless authorized
• If Active Directory is used, authorization takes place in
Active Directory
• DHCP servers are automatically authorized under certain
conditions
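As an added example, not part of the original slides, a Python decoder for the DHCP messages of slides 74 to 83: it reads the message type (option 53) and maps it to the names in the message-type table, extracts the offered address and lease time, computes the 50% renewal point of slide 78, and flags an OFFER or ACK whose server identifier (option 54) is not on an authorized-server list, which is the “unauthorized DHCP servers hand out bad information” problem of slide 83. The packets, the MAC address and the authorized server 10.0.0.1 are constructed for the example.

```python
import struct
from ipaddress import IPv4Address

MAGIC_COOKIE = b"\x63\x82\x53\x63"
# Option 53 values (RFC 2132) mapped to the message names in the table above
MESSAGE_TYPES = {1: "DHCPDISCOVER", 2: "DHCPOFFER", 3: "DHCPREQUEST", 4: "DHCPDECLINE",
                 5: "DHCPACK", 6: "DHCPNAK", 7: "DHCPRELEASE", 8: "DHCPINFORM"}
AUTHORIZED_SERVERS = {"10.0.0.1"}  # constructed list of servers authorized to hand out leases

def parse_options(raw):
    """Walk the code/length/value option area that follows the magic cookie."""
    opts, i = {}, 0
    while i < len(raw) and raw[i] != 255:   # 255 = END
        if raw[i] == 0:                      # 0 = PAD, no length byte
            i += 1
            continue
        code, length = raw[i], raw[i + 1]
        opts[code] = raw[i + 2:i + 2 + length]
        i += 2 + length
    return opts

def parse_dhcp(packet):
    """Decode the BOOTP fixed header plus the DHCP options from a raw UDP payload."""
    if len(packet) < 240 or packet[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP packet")
    hlen, xid = packet[2], struct.unpack("!I", packet[4:8])[0]
    opts = parse_options(packet[240:])
    info = {"xid": xid, "yiaddr": str(IPv4Address(packet[16:20])),
            "chaddr": packet[28:28 + hlen].hex(":"),
            "type": MESSAGE_TYPES.get(opts.get(53, b"\x00")[0], "UNKNOWN")}
    if 54 in opts:                           # server identifier
        info["server"] = str(IPv4Address(opts[54]))
    if 51 in opts:                           # lease time in seconds
        info["lease"] = struct.unpack("!I", opts[51])[0]
        info["t1_renew"] = info["lease"] // 2  # Windows clients renew at 50% of the lease
    return info

def is_rogue_offer(packet):
    """True for an OFFER or ACK whose server identifier is not an authorized server."""
    info = parse_dhcp(packet)
    return info["type"] in ("DHCPOFFER", "DHCPACK") and info.get("server") not in AUTHORIZED_SERVERS

def build_dhcp(msg_type, xid, yiaddr, server, lease=None, chaddr=bytes.fromhex("001122334455")):
    """Construct a minimal DHCP message for testing; not a captured packet."""
    op = 2 if msg_type in (2, 5, 6) else 1   # BOOTREPLY for server messages, else BOOTREQUEST
    hdr = struct.pack("!BBBBIHH", op, 1, 6, 0, xid, 0, 0x8000)          # htype=Ethernet, hlen=6
    hdr += b"\x00" * 4 + IPv4Address(yiaddr).packed + b"\x00" * 8         # ciaddr, yiaddr, siaddr, giaddr
    hdr += chaddr.ljust(16, b"\x00") + b"\x00" * 192                      # chaddr, sname, file
    opts = bytes([53, 1, msg_type, 54, 4]) + IPv4Address(server).packed
    if lease is not None:
        opts += bytes([51, 4]) + struct.pack("!I", lease)
    return hdr + MAGIC_COOKIE + opts + b"\xff"
```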
84. Creating a Scope
• Create a scope to distribute IP addresses to client
computers
• Manually enter the IP configuration settings as directed by
the text
• Create a new scope using the configuration settings
provided
85. Configuring DHCP Scope
• A scope is a range of IP addresses
• Each scope is configured with:
• Description
• Starting IP address
• Ending IP address
• Subnet mask
• Exclusion range
• Lease duration
89. Superscopes
• A superscope is a collection of individual scopes
• Combine two scopes into a single logical unit using a
superscope
• First, create a second scope in addition to the scope
already created in a previous activity
• Create a superscope to encompass the two scopes
• Use the DHCP snap-in for this activity
91. Multicast scopes
• Used to deliver multicast addresses to a group of
computers
• Defined by using the following parameters
• Starting IP address
• Ending IP address
• TTL
• Exclusions
• Lease duration
92. Creating DHCP Reservations
• Reservations are used to hand out a specific IP address to
a particular client
• Reservations are created based on MAC addresses
93. Vendor and User classes
Used to differentiate between clients within a scope
Vendor classes are based on the operating system
User classes are defined based on network connectivity or
the administrator
You can use the ipconfig /setclassid command to set the
DHCP user class ID
94. Configuring Relay agents
DHCP broadcast packets cannot travel across a router
A relay agent is necessary in order to have a single DHCP
server handle all leases
Relay agents receive broadcast DHCP packets and
forward them as unicast packets to a DHCP server
The DHCP relay cannot be installed on the same server as
the DHCP service
97. Comparison between Wintel and Unix
Ease of Use
Wintel: Microsoft has made several advancements and changes that have made it a much easier to use operating system, and although arguably it may not be the easiest operating system, it is still easier than Linux.
Unix: Although the majority of Linux variants have improved dramatically in ease of use, Windows is still much easier to use for new computer users.
Open source
Wintel: Microsoft Windows is not open source and the majority of Windows programs are not open source.
Unix: Many of the Linux variants and many Linux programs are open source and enable users to customize or modify the code however they wish to.
98. Comparison between Wintel and Unix (cont.)
Reliability
Wintel: Although Microsoft Windows has made great improvements in reliability over the last few versions of Windows, it still cannot match the reliability of Linux.
Unix: The majority of Linux variants and versions are notoriously reliable and can often run for months and years without needing to be rebooted.
Software
Wintel: Because of the large number of Microsoft Windows users, there is a much larger selection of available software programs, utilities, and games for Windows.
Unix: Linux has a large variety of available software programs and utilities. However, Windows has a much larger selection of available software.
99. Comparison between Wintel and Unix (cont.)
Software cost
Wintel: Although Windows does have software programs, utilities, and games for free, for the majority of the software the costs can be considerable.
Unix: Many of the software programs and utilities available on Linux are freeware and/or open source. Even complex programs such as Gimp, Open Office, Star Office, and wine are available for free or at a low cost.
Hardware
Wintel: Because of the number of Microsoft Windows users and the broader driver support, Windows has much larger support for hardware devices, and a good majority of hardware manufacturers will support their products in Microsoft Windows.
Unix: Linux companies and hardware manufacturers have made great advancements in hardware support for Linux, and today Linux will support most hardware devices. However, many companies still do not offer drivers or support for their hardware in Linux.
100. Comparison between Wintel and Unix (cont.)
Security
Wintel: Although Microsoft has made great improvements over the years with security on their operating system, their operating system continues to be the most vulnerable to viruses and other attacks.
Unix: Linux is and has always been a very secure operating system. Although it can still be attacked, compared to Windows it is much more secure.
Support
Wintel: Microsoft Windows includes its own help section, has a vast amount of available online documentation and help, as well as books on each of the versions of Windows.
Unix: Although it may be more difficult to find users familiar with all Linux variants, there are vast amounts of available online documentation and help, available books, and support available for Linux.
101. Advantages of Wintel and Unix
Wintel
Lots of software and games are developed for Windows.
Windows is user friendly.
Simply stated, the main difference is that Windows uses a GUI (Graphical User Interface) and UNIX does not. In Windows one uses the click of a mouse to execute a command, whereas in UNIX one must type in a command.
Windows can often more easily be installed and configured to run on cheaper hardware to run a desired 3rd party product.
Windows hosting is more easily made compatible with UNIX-based programming.
Unix
More control and flexibility.
Unix has greater built-in security and permissions features than Windows.
Unix possesses much greater processing power than Windows.
Less administration and maintenance.
Unix is more flexible and can be installed on many different types of machines, including main-frame computers, supercomputers and micro-computers.
102. Disadvantages of Wintel and Unix
Wintel
Very bloated with many features most people don't use, thus slowing down the computer and taking excessive hard drive space. However, this shouldn't be much of a problem with newer computers.
There are many viruses programmed for Windows.
Can get a little pricey.
Wintel has lower built-in security and permissions features than Unix.
Unix possesses much greater processing power than Windows.
Unix
Front Page Extensions: If you are using Microsoft Front Page to develop your website, you will need to make sure that your Unix host offers Front Page extensions. If you don’t have these extensions, you will not be able to use Front Page to its complete abilities. Most Unix based hosts are now offering these extensions, but there are still several that do not.
No .ASP: If you plan to use Active Server Pages or .ASP for your website, you will not be able to use this language on a Unix server. Since this scripting language is gaining in popularity, this can be a tremendous downside if you select a Unix based host.
No Visual Basic: Like .ASP, Visual Basic is not supported on Unix based hosting, so again, if you plan to use this, or
103. Conclusion
The best way to choose between UNIX and Windows is to
determine organizational needs. If an organization uses mostly
Microsoft products, such as Access, Front Page, or VBScript, it's
probably better to stick with Windows.
106. Microsoft has its own tools for monitoring servers
1. Microsoft Operation Manager
2. Microsoft System Center Operation Manager
107. Microsoft Operations Manager
It helps improve the availability, performance, and security of
Windows networks and applications.
It provides event-driven operations monitoring, performance
tracking, security policy enforcement, and auditing capability.
108. MOM 2005 helps:
1. Simplify identification of issues
2. Streamline the process for determining the root
cause of the problem
3. Facilitate quick resolution to restore services and to
prevent potential IT problems.
109. Microsoft System Center Operations Manager
• Operations Manager helps you to monitor your
infrastructure, applications, and IT services, and to
react to operational problems.
• Shows state, health and performance information of
computer systems.
110. Provides alerts generated according to some availability,
performance, configuration or security situation being
identified.
It places an agent on the computer to be monitored.
The agent watches several sources on that computer,
including the Windows Event Log, for specific events
or alerts generated by the applications executing on the
monitored computer.