سیستم عامل مدیریت شبکه
هدف درس: کسب مهارت شروع کار با سیستم عامل های مدیریت شبکه
مباحث اصلی:
1- مفاهیم اولیه:
تعریف سیستم عامل مدیریت شبکه و مفاهیم مربوطه
مفاهیم مربوط به اشتراک گذاری منابع و امنیت آن
انواع روشهای به اشتراک گذاری منابع و امنیت آن
2- Active Directory
معرفی ابزار Active Directory، نگهداری و پشتیبانی و ...
3- ISA Server، TMG ، UAG و Windows Server 2012 R2 feature Web Application Proxy
4- معرفی پیکربندی های مختلف
پیکربندی Firewall، Cache Server، Proxy Server، VPN و ...
13. 13
پخشی محلی های شبکهLAN - Ring
•هر مستقل ارسالBitخط روی
•اختالف حل مکانیزمهای:
•IEEE 802.5(IBM Token Ring)سرعت با4Mbps-16Mbps،
–نوبتی ارسال
•IEEE 802.4(FDDI)سرعت با100Mbps
–Fiber Distributed Data Interface(FDDI)
–Access Method: Token Passing
•شود نمي استفاده ديگر فوق مکانیزمهاي
25www.KhanAhmadi.com
پخشی محلی های شبکهLAN - BUS
Ethernet Bus:
This is a coax based Ethernet network. Machine 2 wants to send a message to
machine 4, but first it 'listens' to make sure no one else is using the network.
Collision:
This animation starts with machine 2 and machine 5 both trying to transmit
simultaneously.
26www.KhanAhmadi.com
14. 14
با محلی های شبکهHubوSwitch
Using Hub:
machine 1 is transmitting data to machine 4, but this time the signal travels in and
out of the hub to each of the other machines.
Using Switch:
To overcome the problem of collisions and speed, a switch is used. With a switch,
machines can transmit simultaneously, in this case 1 & 5 first, and then 2 & 4.
27www.KhanAhmadi.com
گیری پشتیبان
This is a collection of pages covering the basics of backup.
• What is a Backup?
• The Need for Backup
• When to Backup?
• How Often to Backup?
• How to Backup?
• What to Backup?
• Difference between: Full, Differential, and Incremental Backup
• Built-in Backup Features in Microsoft Windows
• Where to Store a Backup?
• Always Test the Backup
http://www.backup.info/
www.KhanAhmadi.com 28
15. 15
گیری پشتیبان
What is a Backup?
A backup is a copy of any kind of data, created as a replacement for situations when the
original is lost or corrupted due to things like: hard disk failure, accidental deletion, theft,
flood, virus infection, etc.
کرد جایگزین را آنها بتوان اطالعات به نداشتن دسترسی یا شدن خراب یا رفتن دست از صورت در تا ارزش دارای اطالعات از کپی.
The Need for Backup
If your data is of any value to you, you should back it up . اگراطالعاتبرایشماارزشدارد
When to Backup?
The time to backup is now, not tomorrow. دراولینفرصتیکهاطالعاتتغییرکردپشتیبانتهیهکنید.
How Often to Backup?
backup up important files as often as possible. In the past, creating a backup was a time consuming
and tedious task. Thankfully, today there is many good backup software solutions, and strategies.
How to Backup?
Manual backup, Semi-automated backup(need to remember to run software), Fully-Automated
What to Backup?
1) Backup only the important files
2) Complete Hard disk Backup
www.KhanAhmadi.com 29
Difference between: Full, Differential, and Incremental Backup
گیری پشتیبان
www.KhanAhmadi.com 30
Type انواع Definition تعریف Benefits مزایا Drawbacks معایب
Full Backup:
کامل
(Normal Backup)
A complete backup of everything you want to
backup.
Restoration is fast,
since you only
need one set of
backup data.
The backing up process is slow.
High storage requirements.
Differential
Backup:
کاهشی
The backup software looks at which files have
changed since you last did a full backup. Then
creates copies of all the files that are different
from the ones in the full backup.
If you do a differential backup more than once, it
will copy all the files, or parts of files that have
changed since the last full backup, even if you
already have identical copies of those files in a
previous differential backup.
For restoring all the data, you will only need the
last full backup, and the last differential backup.
Faster to create
than a full backup.
Restoration is
faster than using
incremental
backup.
Not as much
storage needed as
in a full backup.
Restoration is slower than using a full
backup.
Creating a differential backup is slower
than creating an incremental backup.
Incremental
Backup:
افزایشی
The backup software creates copies of all the
files, or parts of files that have changed since
previous backups of any type (full, differential or
incremental).
For example if you did a full backup on Sunday. An
incremental backup made on Monday, would only
contain files changed since Sunday, and an
incremental backup on Tuesday, would only
contain files changed since Monday, and so on.
This method is the
fastest when
creating a backup.
The least storage
space is needed.
Restoring from incremental backups is
the slowest because it may require
several sets of data to fully restore all the
data.
For example if you had a full backup and
six incremental backups. To restore the
data would require you to process the
full backup and all six incremental
backups.
16. 16
ویژگیهایانواعBackupگیری:
1-Full(Normal) Backup:
•ازگرفته اپ بک اطالعات تمامیمیشود
–مزیت:ترین سریع و ترین ساده ،کاملترینRestoreدارد همراه به را.
–معایب:1-حجماشغال را زیادیمیکند2-و گیری پشتیبانRestoreآن کردناست کند بسیار.
2-Differential Backups:
نهشده ایجاد پشتیبان آخرین از که تغییراتی از تنهاBackupمیکند حفظ نیز را آرشیو بلکه میگیرد.
–مزیت:1-:به نسبتNormal Backupفضای و شود می ایجاد پشتیبان فایل تر سریعاشغال کمتری
میکند2-Restoreاز آن کردنIncremental Backupمیباشد تر سریع
–معایب:1-Restoreآن کردناز کندترNormal Backupاست.2-پشتیبان یک ایجادDifferential
backupایجاد از بیشتری زمانIncremental backupدارد نیاز.
3-Incremental backup:
آرشیوو میشود پاکاز تنها پشتیبانبعد تغییراتآخرینBackupمیشود گرفته.
–مزیت:بیشترینسرعتدرBackupنیاز مورد سازی ذخیره فضای کمترین و گیری
–معایب:زمان کندترینRestore(فایلهای از استفاده دلیل بهNormalزیادی تعدادی وIncremental)
بازیابی و گیری پشتیبان روشهای مقایسه
www.KhanAhmadi.com 31
پشتیبان اطالعات نگهداری محل
Built-in Backup Features in Microsoft Windows
Windows comes with backup features built-in, but it compares very poorly to third-party backup
software. Most users find it is not worth the effort.
Where to Store a Backup?
Always Test the Backup: Having a backup is only helpful if the backup actually works! test it.
www.KhanAhmadi.com 32
Storage Type
Storage
Capacity
Cost of
Device
Ongoing Costs Speed Pros Cons
External Hard Drive High
Low per
gigabyte
None Fast
Easy to backup, easy to
automate.
Liable to same damage as master drive
if directly connected, and at the same
location. Since a virus or lightning strike
can corrupt both at the same time.
CD/DVD Low-Medium Low Moderate Slow Portable
Burning CD's and DVD's is time
consuming.
Solid State Storage,
such as memory stick.
Low
1GB-2GB
High per
gigabyte
None Medium
Portable, good for storing
small files, such as
documents.
Low capacity, easily lost or stolen.
Online Backup Medium-High
Free to
Setup
Set monthly fee,
Or even free for
up to 2GB.
Medium
Easily accessible,
Can be fully automated,
Off-site, no devices
required.
Large transfers may take a long time.
Other computer
connected through
network
Medium-High Medium None Fast
Fast. Software, and
technical skill required.
If the computer storing the backup is
onsite, it is at risk of same dangers as
the computer being backed up.
Magnetic Tape
(LTO)
High
Relatively
high
Relatively low Medium
For large data storage,
it's slightly cheaper than
storage on a hard disk.
Magnetic tapes are more vulnerableto
errors. Short storage life.
26. 26
تعريف چند(Group policy:)
• Group policy
Group Policy is an infrastructure that allows you to implement specific configurations for users and computers. Group
Policy settings are contained in Group Policy objects (GPOs), which are linked to the following Active Directory
directory service containers: sites, domains, or organizational units (OUs). The settings within GPOs are then evaluated
by the affected targets, using the hierarchical nature of Active Directory. Consequently, Group Policy is one of the top
reasons to deploy Active Directory because it allows you to manage user and computer objects.
https://technet.microsoft.com/en-us/windowsserver/bb310732.aspx
•Group Policyساختاریاستکهبرایاعمالمجموعهایازتنظیماتیاpolicyهابهمجموعهایاز
کاربرانیاکامپیوترهااستفادهمیشود.
•اینساختارازدوقسمتاصلیتشکیلشدهاست:Group Policy engineیاهمانموتورGPوCSEsکه
مخففclient-side extensionsاستومسئولیتنوشتنیکسریتنظیماتخاصرادرکامپیوترهایمقصد
کالینتهابرعهدهدارد.درواقعGroup Policy Engineیکرئیساستکهبهعواملخوددستورمیدهدکه
کاریرابررویافرادیاسیستمهاییکهتحتامرآنهستندانجامدهدوClient Side Extensionsدرواقع
همانعواملهستندکهدستوردادهشدهرابررویاهدافاجرامیکنند.
•تنظیماتGPدرGPOهایاهمانGroup Policy ObjectقراردارندکهاینGPOهادردامینهازندگیمی
کنندومیتوانندبهدیگرقسمتهایاکتیودایرکتوریهایدیگرلینکدادهشوندمانندسایتها،دامینهایا
OUها.تنظیماتGPOهاازساختارسلسلهمراتبیاکتیودایرکتوریتبعیتمیکنندوتوسطobjectهای
مقصدیکهتحتتاثیرقرارگرفتهاندارزیابیمیشوند.درواقعGPیکیازدالیلاصلیگسترش
اکتیودایرکتوریمیباشد.GPیکیازگروههایتکنولوژیمدیریتاستکههمهیاینگروههابهصورت
کلیبهعنوانIntelliMirrorشناختهشده،استخدماتیکهبهکاربرانارائهمیدهندشاملدسترسی
دائمبهبرنامههای،کاربردیتنظیمات،کاربردیپروفایلهایroamingکاربرانودادههایکاربراناست.
When the GPMC is installed on servers or client computers, the Windows PowerShell module is also installed.
•(گفت توان می ساده طور بهWindows PowerShellاست پیشرفته فرمان خط)
www.KhanAhmadi.com 51
Active Directory
Checklist for
Planning,
Installing,
Configuring Tools and Utilities
www.KhanAhmadi.com 52
27. 27
چکلیست(طراحی):ترجمهنکاتتجربی
www.KhanAhmadi.com 53
• Plan and configure your namespace and DNS
As described above, this is vital as incorrect configuration can lead to a variety of
problems. More detailed information is provided on naming and DNS configuration.
Consider including DNS checks as part of a regular maintenance plan. Changing
domain names is not something to be undertaken lightly, so it's worth planning
naming carefully. Note that in Windows 2008 Server, IPv6 is enabled by default; if
you're not using it, you may decide to disable it until it's needed (see Microsoft's IPv6
for Microsoft Windows: Frequently Asked Questions).
• Domain Controllers (DC)
Aiming for a minimum of two, possibly three domain controllers reduces the
probability of ever needing to restore the Active Directory database from backup. For
more flexibility, consider putting other services (e.g. file sharing) onto member
servers, and use your domain controllers only for authentication and name resolution
services such as DNS, WINS etc. This makes them much easier to move, upgrade etc.
• NetBIOS Names
If you are using the central WINS servers, plan the NetBIOS names of your servers
and domains (the first part of the DNS name, up to the first ".") to minimise the risk
of name clashes. See The Central Windows Internet Name Service (WINS) for further
information. If you use internal WINS servers (or don't use any) then you only need
to make sure you use unique names within your college or department.
چکلیست(نصب):
www.KhanAhmadi.com 54
• Upgrading
If you are adding a new type of domain controller into an existing domain (e.g. a
2008 domain controller into a domain of 2003 R2 servers), you normally need to
prepare the forest and/or domain before you add or upgrade the first server running
the new operating system. This is done using the adprep.exe command on the install
media of the new operating system. Among other things it upgrades the schema to
the required level. See for example the Microsoft Adprep page on preparing to add a
server running 2008 to a 2000 or 2003 domain or forest, and their other Adprep page
for adding 2003 to a 2000 domain. Note that to add a 2003 R2 server to a 2003 or
2000 domain, you need to use the version of adprep.exe on the second CD. Also that
this only applies for domain controllers.
• Dcpromo
Under 2003 (or 2000), use dcpromo to install Active Directory. It's a more flexible
method than one of the wizards, particularly if you need to change the NetBIOS
name of a domain. Under 2008 the wizard is more flexible and should allow you to
select the Advanced mode near the start of the process.
• Restore Mode Password
During the installation of Active Directory, you will be prompted for the Restore Mode
Password. Keep this safe as although it's rarely used you might need to know it for
certain maintenance and restore operations.
28. 28
چکلیست(راهاندازیونگهداری):
www.KhanAhmadi.com 55
• Replication
If you have more than one domain controller, check replication each time you add or
remove a domain controller. Consider checking periodically for errors as part of a
maintenance plan.
• Configure time
Configure the PDC emulator for the forest root to synchronise with an external time
source. This may be your college/departmental ntp servers, if you have them, or else
the OUCS stratum 3 NTP servers. Remember to change this if you move the PDC
emulator role. Everything time-related should follow automatically. See Configure the
Windows Time service on the PDC emulator for more information and instructions.
• Virtualisation
Running your Active Directory infrastructure within a virtual environment can work,
but there are some watch points. Avoid the use of REDO and snapshots for your
domain controllers. Also take care with time synchronisation. There are various
different schemes in use but the common principle seems to be, don't synchronize to
multiple sources on the same machine (e.g. don't use both VMWare synchronisation
and Active Directory's normal mechanisms). Also watch out for time problems when
you boot up a virtual server that has been down for some time. See for example
Virtualizing a Windows Active Directory Domain Infrastructure for this and other
information. NB for time synchronisation instructions, see the links in the previous
point above.
چکلیست(،نگهداریراهاندازی):
www.KhanAhmadi.com 56
• Global Catalog
In a single-domain environment, consider making all your domain controllers into
global catalog servers. In multi-domain environments, plan the placement of global
catalog servers together with the location of your operations master role-holders. See
Planning Global Catalog Server Placement and Designate a domain controller to be a
global catalog server.
• Operations Master Roles
These are installed by default onto the first domain controller in a domain or forest.
It's important to know where they are as some operations may fail if the relevant
operations master is unavailable. In more complex environments, particularly multi-
domain forests, you may need to move some of them. See Operations master roles.
• Install Additional Tools and Utilities
Some useful tools are not installed by default under Windows Server. Install the
Support Tools package on all domain controllers (from the support folder on the 2003 or 2000
Server CD or download the latest version from Microsoft.) Under Windows 2008 many of these
tools are included as part of the operating system. Also install the Group Policy
Management Console on any systems that you use to manage group policy (again it's
included on Windows 2008). It's more sophisticated than the built-in tools. It needs
at least Windows 2003 or XP (it is included with 2008 by default).
29. 29
چکلیست(،نگهداریپشتیبانی):
www.KhanAhmadi.com 57
• Backup and Restore
Configure backup for Active Directory as well as your file stores just in case. If you
use Group Policy, consider backing them up periodically, for example using the Group
Policy Management Console (see Tools and Utilities).
• Functional Level
to enable additional features, raise the functional level of your domain and forest as
high as possible. See Raising domain and forest functional levels and What Are Active
Directory Functional Levels?
• Maintenance Plan
Consider developing and using a maintenance plan. A minimum might be to check
event logs daily to weekly, paying particular attention to the additional logs available
on domain controllers. The Directory Services log will tell you about directory
replication, the File Replication Service log will tell you about file replication, and the
DNS Service log will tell you about the health of your DNS Service.
چکلیست(،نگهداریامنیت):
www.KhanAhmadi.com 58
• Certificate Services
Implementing a PKI infrastructure is a major topic in its own right and again benefits
from reading around before installing. The JANET certificate service can also be used to
secure certain services such as IIS web sites. Further information on setting up your own
certificate server as part of an Active Directory installation is available on the
Designing a Public Key Infrastructure pages.
• Firewalls
Domain controllers by default use dynamic port allocation so take care if you have
firewalls between your domain controllers, on your domain controllers, or between
domain controllers and domain members. It is possible to firewall a domain controller using
the built-in firewall, but it's not straightforward prior to Windows 2008 server. On Windows 2008
server the firewall is enabled; it is also configured automatically as required when you add roles.
• Security
Assess security. For example, consider applying a password policy using Group Policy;
increasing the size of all the event logs, configuring security logging, and keep an eye
on the event logs. Consider enabling some security logging on clients as this isn't
enabled by default. Group Policy can make this easier. If you decide to apply more
security settings, test thoroughly before letting them into the wild. For example Microsoft's
Windows 2003 Security Guide contains various predefined group policy templates, but benefits from some
understanding before implementing or it can have unexpected consequences.
30. 30
چکلیست(برنامهنگهداری):
www.KhanAhmadi.com 59
• Development and Testing
Consider using a copy of your preferred virtualization software to set up a test
domain where you can try out changes in a development environment. It may be
worth purchasing a subscription to Microsoft TechNet (email the Shop for details) .
• Health Check
Consider developing a more thorough health check procedure using the available
Tools and Utilities. Consider running through it or appropriate parts of it after any
major changes such as adding and removing domain controllers, renumbering a
subnet, etc., or just periodically.
UtilitiesandTools:
www.KhanAhmadi.com 60
• Many tools are available to help monitor and troubleshoot Active Directory
installations. Some of these tools are included as part of the Support Tools package
which is available from the 2003 Server CD, or can be downloaded from Microsoft.
The Support Tools are particularly useful and are worth installing as standard. On
Windows 2008 separate Support Tools are no longer available; many have been
incorporated into the standard 2008 installation (search for Command Reference Overview
in the Help and Support system to find out which as some tools haven't been included).
• This list is intended as a starting point to provide brief details of tools that between
them will provide a reasonable view of the health of Active Directory (plus a couple of
utilities for managing accounts.) It is not intended as a definitive list as there are many
other useful tools available.
31. 31
Tools and Utilities:
www.KhanAhmadi.com 61
• ntdsutil
Use for command-line maintenance of your Active Directory database. Installed by
default on domain controllers and menu driven. Although many of its functions are
also available via the GUI, it's worth becoming familiar with this tool as sometimes
nothing else will do. For example, it's needed for cleaning up if a domain controller
isn't demoted cleanly.
• dcdiag.exe
Command-line tool to perform various domain controller tests to help confirm health
and diagnose problems. Part of the Support Tools suite (2000/2003) or included by
default in Windows 2008.
• netdiag.exe
For network-related tests and troubleshooting. Part of the Support Tools suite
(2000/2003) or included by default in Windows 2008.
• repadmin.exe and replmon.exe
Command-line tool to monitor and troubleshoot replication issues (repadmin.exe) and
a GUI version that provides much of the same functionality (replmon.exe). Part of the
Support Tools suite (2000/2003) or included by default in Windows 2008 (replmon is
no longer provided).
Tools and Utilities:
www.KhanAhmadi.com 62
• ntfrsutl.exe
Accesses information on the ntfrs service including subscription information etc. Part of the
Support Tools suite (2000/2003) or included by default in Windows 2008.
• Sonar
A graphical tool to monitor the status of the File Replication Service. Look for it on the Microsoft
Download Center.
• ADSI Edit
Low level editor for Active Directory. Installed as part of the Support Tools for Windows Server
2000 and 2003, and installed by default when you install Active Directory on Windows Server
2008.
• Group Policy Management Console (GPMC)
It's been around for a while but you need to download it separately on 2003 (it's included in
2008). An improvement on the built-in group policy editor, you need at least 2003 server or XP
SP1 to run it. Download it from Microsoft.
• dsadd, dsget, dsmod, dsmove, dsquery, dsrm
Built-in command-line tools included with 2003 and 2008, use /? after the command for syntax.
32. 32
Tools and Utilities:
www.KhanAhmadi.com 63
• csvde, ldifde
Built-in command-line tools included with 2000 and above, csvde is particularly useful for
dumping the contents of Active Directory into a csv file, or creating new objects from a similar
file. Again, use /? after the command for help.
• ADModify
Created to make it easier to do bulk operations on Active Directory objects, such as modifications,
imports and exports. Requires .NET framework installed (version 2 probably). It's currently
travelling the internet so download from http://ADModify.NET and check the Microsoft Exchange
Team Blog for an introduction.
• redirusr.exe and redircmp.exe
Built-in command-line tools included with Windows 2003 and above. Change the default
containers for new user and computer objects respectively.
• Account lockout and Management Tools
Microsoft have provided a number of tools in their Account lockout and Management Tools
package, to help in these areas, along with a script to turn on Kerberos logging. They also
provide some information on the Account Management Tools.
Active Directory Concepts:
www.KhanAhmadi.com 64
• If you are new to Active Directory, it may be difficult to know how to get started. If you've picked it up as you go along, you
may want to identify the gaps in your knowledge. This section provides a checklist of the key areas that you will need to
understand and some pointers to finding more information. It isn't absolutely exhaustive, but aims to include most major
areas. If you're after a more formal approach, ITS3 sometimes organize on-site Active Directory Design and
Implementation courses and Windows Server courses.
• Domain Name System
A basic understanding of how DNS works is essential, as well as the way computers use it to locate
Active Directory services. You will need to know how to configure, monitor and maintain DNS servers
that support your chosen Active Directory namespace. See the How to configure DNS for Active
Directory within the Oxford University Environment page for more information.
• NetBIOS Naming
Technically it's on the way out; in reality switching it off may be problematic, particularly if you're
reliant on browsing for resources. Understand the essentials is useful, together with the role of WINS
servers. If you use the central WINS service, be aware that names must be unique within the whole
of the University. See The Central Windows Internet Name Service (WINS) web pages for details.
• Operations Master Roles, or Flexible Single Master Operations (FSMO) Roles
Not all domain controllers are considered equal. One or more will hold your five or more operations
master roles. Microsoft provide a useful summary in their Operations master roles document. Make
sure you understand the main functions of the roles, which servers hold them, which ones should not
hold them in a multi-domain forest, which ones you can least live without for any length of time, how
to move them and what to do if you lose a server that holds one or more of them.
33. 33
Active Directory Concepts:
www.KhanAhmadi.com 65
• Global Catalog
A domain controller that is a global catalog server contains partial information on all objects in an
Active Directory installation. It can play a major role in the logging-in process, particularly in a multi-
domain environment. Knowing how to assign this role to a server is essential, and some
understanding of the part it plays useful. See for example Microsoft's document on The role of the
global catalog.
• Backing Up and Restoring Active Directory
For preference, you probably want to avoid ever needing to restore your Active Directory database
from backup by running at least 2 or 3 domain controllers. Cost may be an issue but for small to
medium sized units, if you limit the additional services that they run to name resolution services (e.g.
DNS and WINS, if used), they may not all need to be of particularly high specification. Limiting the
services running on domain controllers also makes them easier to replace if they fail. If you ever need
to restore all or part of your Active Directory, it will help to understand the difference between
authoritative and non-authoritative restore modes. Also make sure you know the Directory Services
Restore Mode passwords set when you installed Active Directory onto your domain controllers. See
Microsoft's Introduction to Administering Active Directory Backup and Restore for more information.
• Organizational Units
Useful for organizing your user and computer accounts, and particularly to group accounts for
applying Group Policy. For many units, the design of your organizational units will depend primarily on
which policies you want to apply to which groups computers and users.
Active Directory Concepts:
www.KhanAhmadi.com 66
• Group Policy
Powerful tool for enforcing your chosen configuration for users and workstations. Anything and
everything (well, almost) ranging from what appears on the Start menu, which software people can
run, the startup mode for services, security and audit settings, logon/logoff scripts, through to
software installation and much more. Extensible via templates, group policy can also be used to
manage some of the main Microsoft programs such as Office. It's helpful to understand concepts such
as inheritance, blocking inheritance, enforcing links, where group policy settings are stored, how they
are applied, backing up and restoring etc. One place to start is Microsoft's Group Policy Home Page.
• Domain and Forest Functional Levels
These depend on the operating systems running on domain controllers in your Active Directory, i.e.
whether NT, 2000, 2003, 2008. Different features become available when you raise the functional
level, and it's useful to know how to do so. There's normally little reason not to raise the level as high
as you can. See Raising domain and forest functional levels and What Are Active Directory Functional
Levels?
• Time
Synchronized time is vital to certain types of authentication (Kerberos) and it's useful to know how
time is synchronized automatically through domains and forests. The role of the PDC emulator(s) is
pivotal. Take extra care if running virtualized Windows servers. See How Windows Time Service
Works particularly the Windows Time Service Processes and Interactions section. See also Configure
the Windows Time service on the PDC emulator for instructions.
34. 34
Active Directory Concepts:
www.KhanAhmadi.com 67
• Replication
The replication topology and operation are usually quite straight forward in the single-domain
environment that is most common in the University. Even so, it is vital that replication works smoothly.
One source of problems is probably DNS configuration. More complex environments such as multiple
domains and/or multiple sites warrant more attention. See Replication overview and How Replication
Works.
• Authentication
Particularly important if you're planning on enhancing security, or linking to the central Kerberos
infrastructure. See the Authentication protocols overview and Introduction to authentication for some
introductory information, and Logon and Authentication Technologies for a more detailed explanation.
مراحلنصباکتیودایرکتوریدرویندوزسرور2012:
www.KhanAhmadi.com 68