Administering Computer Accounts and Resources in Active Directory

By Randolph Walter


Terms you must understand:

✓ Domains

✓ Domain trees

✓ Domain forests

✓ Computer accounts

✓ Run As feature

✓ Globally unique identifiers (GUIDs)

✓ Organizational units (OUs)

✓ Microsoft Management Console (MMC) 3.0

✓ Active Directory Users and Computers console

Techniques you'll need to master:

✓ Adding and removing computer accounts

✓ Prestaging computer accounts

✓ Using command-line tools for modifying Active Directory objects

✓ Using the Action pane in MMC 3.0

✓ Enabling full functionality for MMC 3.0

✓ Managing resources using the Run As command

Microsoft introduced Active Directory with the debut of Windows 2000 Server in February 2000. Active Directory provides a directory service for Microsoft-based networks in the same way that Novell Directory Services (NDS) provides a directory service for NetWare environments. For Windows Server 2003, Microsoft augmented and refined Active Directory, making the directory service more flexible, more scalable, and more manageable than its Windows 2000 predecessor. Active Directory is a vital element of Windows Server 2003, and its many benefits can provide a compelling reason to upgrade, particularly if you are coming from a Windows NT Server environment.

Understanding how to manage objects inside Active Directory is critical for a successful deployment and for reliable day-to-day operation of a Windows Server 2003 Active Directory-based network. In this chapter, we introduce you to Active Directory for Windows Server 2003. You'll learn how to add, remove, and manage computer accounts in Active Directory. Unfortunately, network administration doesn't always go smoothly, so you will also learn how to troubleshoot computer accounts in Windows Server 2003 and Active Directory.

Microsoft released Windows Server 2003 Service Pack 1 (SP1) in March 2005 as a major update. In December 2005, Microsoft released the R2 (Release 2) edition of Windows Server 2003 in 32-bit (x86) and 64-bit (x64) versions. This chapter and this book cover all of these permutations of the Windows Server 2003 operating system: the original Release to Manufacturing (RTM) version, SP1, and R2, in both the 32-bit (x86) and 64-bit (x64) flavors. The functionality and features covered in this book apply to all of these editions, except where noted.

Introduction to Active Directory

The enhancements to Active Directory are among the major feature improvements in Windows Server 2003. Active Directory is a replicated, distributed database that stores network-related information such as usernames, password hashes, telephone numbers, addresses, e-mail addresses, group names, and computer names, to name a few. Active Directory is referred to as a directory service because it gives users and computers the ability to look up information in much the same way that you look up a name in a telephone directory.

Special servers called domain controllers (DCs) store a copy of the Active Directory database, and these DCs are responsible for synchronizing the database with all the other DCs that share it. Server computers and workstations that are members of an Active Directory domain perform several Active Directory queries (or lookups) in their everyday operations. For example, domain-member computers need to locate nearby DCs for authentication.

Active Directory is based on open, Internet-related standards such as the Transmission Control Protocol/Internet Protocol (TCP/IP), the Domain Name System (DNS), the Kerberos authentication protocol, and the Lightweight Directory Access Protocol (LDAP), among many others. In fact, you cannot install Active Directory without TCP/IP and DNS installed and functioning in the network environment (the Active Directory Installation Wizard offers to install and configure DNS for you if no suitable DNS server is found). You must name Active Directory domains using a fully qualified DNS name such as examcram2.informit.com.

Domains, Domain Trees, and Domain Forests

A Windows Server 2003 computer (or a Windows 2000 Server computer) becomes a DC when an administrator runs the Active Directory Installation Wizard. You can run the wizard by clicking Start, Run; typing dcpromo.exe; and clicking OK. This process promotes a server to a DC. The wizard makes several changes to the server to prepare it to become a DC. One of the major changes is the creation of the Active Directory database file itself. This file is named ntds.dit, and it must reside on a hard disk partition or volume that is formatted as NTFS, so that it can be protected by NTFS permissions (FAT and FAT32 volumes offer no file-level access control). The default location for the ntds.dit file is the %systemroot%\NTDS folder (for example, C:\Windows\NTDS).
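The following script is an added example, not part of the chapter, that checks on a promoted DC where ntds.dit actually lives and whether the hosting volume is NTFS. It reads the real NTDS registry values ("DSA Database file" and "Database log files path") rather than assuming the default path. It assumes it runs on the DC itself with administrator rights and that Windows PowerShell 2.0 or later has been installed on the server (PowerShell was a separate download for Windows Server 2003); the function name Get-NtdsDatabaseInfo is the example's own.

```powershell
# Added example: locate ntds.dit from the NTDS service parameters and confirm
# that it sits on an NTFS volume, as the text above requires.
# Assumes: running on the DC, elevated, Windows PowerShell 2.0+ (a separate install on Server 2003).

function Get-NtdsDatabaseInfo {
    $params = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters'
    if (-not (Test-Path $params)) {
        throw 'No NTDS parameters found; this computer is not a domain controller.'
    }
    $p       = Get-ItemProperty -Path $params
    $dbPath  = $p.'DSA Database file'          # e.g. C:\Windows\NTDS\ntds.dit
    $logPath = $p.'Database log files path'    # e.g. C:\Windows\NTDS

    # Map the file to its volume and ask WMI for the file system of that volume.
    $drive = [System.IO.Path]::GetPathRoot($dbPath).TrimEnd('\')   # e.g. C:
    $disk  = Get-WmiObject -Class Win32_LogicalDisk -Filter "DeviceID='$drive'"

    New-Object PSObject -Property @{
        DatabaseFile = $dbPath
        LogFolder    = $logPath
        Volume       = $drive
        FileSystem   = $disk.FileSystem
        IsNtfs       = ($disk.FileSystem -eq 'NTFS')
        Exists       = (Test-Path $dbPath)
    }
}

$info = Get-NtdsDatabaseInfo
$info | Format-List DatabaseFile, LogFolder, Volume, FileSystem, IsNtfs, Exists

if (-not $info.IsNtfs) {
    Write-Warning 'ntds.dit is not on an NTFS volume and cannot be protected by NTFS permissions.'
}

# Show who can reach the database file. By default only SYSTEM and the local
# Administrators group should appear here; anything else deserves a closer look.
(Get-Acl -Path $info.DatabaseFile).Access |
    Select-Object IdentityReference, FileSystemRights, AccessControlType |
    Format-Table -AutoSize
```

Run it in an elevated PowerShell session on the DC. The ACL listing at the end is the practical reason the NTFS requirement matters: ntds.dit holds every account's password hash, so any principal other than SYSTEM and Administrators with read access to it should be investigated.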

The first Windows Server 2003 (or Windows 2000 Server) DC that you promote creates the forest root domain. For example, if you promote a DC and name the domain examcram2.net, this domain becomes the root domain of the new Active Directory forest. The basic logical components of Active Directory are as follows:

Domain: One or more DCs and a collection of users and computers that share the same Active Directory database for authentication and can share common server resources.

Domain Tree: One or more Active Directory domains that share a contiguous, hierarchical DNS namespace (parent, child, grandchild, and so on). For example, examcram2.net might be the parent domain, northamerica.examcram2.net the child domain, us.northamerica.examcram2.net the grandchild domain, and so on.

Domain Forest: One or more Active Directory domain trees (each tree has its own DNS namespace) that share a common schema, a common configuration, and a common global catalog. An Active Directory forest is the logical container for a set of related domains, and it is also the security boundary of the directory: administrators of any domain in the forest can, directly or indirectly, affect the others.

No Primary or Backup Domain Controllers

Windows NT Server 3.5x and Windows NT Server 4.0 used the concept of one primary domain controller (PDC) and one or more backup domain controllers (BDCs), where only one DC could act as the PDC at any given time. The PDC stores the read/write copy of the Security Accounts Manager (SAM) database, while each BDC stores a read-only copy of it. In contrast, Active Directory uses multimaster replication to distribute copies of the Active Directory database to all the other DCs that share the same Active Directory namespace. This replication model means administrators can make additions, changes, or deletions to the Active Directory database on any DC, and those modifications are synchronized with all the other DCs in the domain (and, for the subset of attributes in the partial attribute set, with the global catalog servers throughout the forest). Active Directory assigns the PDC Emulator role to the first DC to come online in each domain; the role is held per domain, so a forest with several domains has several PDC Emulators, one in each. The DC that holds the PDC Emulator role can communicate between Active Directory and down-level PDCs and BDCs running Windows NT Server 3.5x and Windows NT Server 4.0.
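The following script is an added example, not part of the chapter, that makes the scope of the operations-master roles visible: it enumerates every domain in the current forest and lists the DC holding the PDC Emulator (and the other two domain-wide roles) for each, next to the two forest-wide roles. It uses the .NET 2.0 System.DirectoryServices.ActiveDirectory classes, which exist on Windows Server 2003 R2, and assumes a domain-joined machine running Windows PowerShell 2.0 or later (a separate install on Windows Server 2003); the function name Get-OperationsMasters is the example's own.

```powershell
# Added example: show that the PDC Emulator role exists once per domain, while
# the Schema Master and Domain Naming Master exist once per forest.
# Assumes: domain-joined host, Windows PowerShell 2.0+, .NET 2.0 System.DirectoryServices.

Add-Type -AssemblyName System.DirectoryServices

function Get-OperationsMasters {
    $forest = [System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest()

    # Forest-wide roles: exactly one holder in the whole forest.
    New-Object PSObject -Property @{
        Scope  = 'Forest'
        Name   = $forest.Name
        Role   = 'Schema Master'
        Holder = $forest.SchemaRoleOwner.Name
    }
    New-Object PSObject -Property @{
        Scope  = 'Forest'
        Name   = $forest.Name
        Role   = 'Domain Naming Master'
        Holder = $forest.NamingRoleOwner.Name
    }

    # Domain-wide roles: one holder in each domain of the forest.
    foreach ($domain in $forest.Domains) {
        New-Object PSObject -Property @{
            Scope  = 'Domain'
            Name   = $domain.Name
            Role   = 'PDC Emulator'
            Holder = $domain.PdcRoleOwner.Name
        }
        New-Object PSObject -Property @{
            Scope  = 'Domain'
            Name   = $domain.Name
            Role   = 'RID Master'
            Holder = $domain.RidRoleOwner.Name
        }
        New-Object PSObject -Property @{
            Scope  = 'Domain'
            Name   = $domain.Name
            Role   = 'Infrastructure Master'
            Holder = $domain.InfrastructureRoleOwner.Name
        }
    }
}

Get-OperationsMasters | Format-Table Scope, Name, Role, Holder -AutoSize
```

In a single-domain forest the output shows one holder per role, which is why the PDC Emulator is sometimes mistaken for a forest-wide role; add a child domain and a second PDC Emulator row appears, while the Schema Master and Domain Naming Master rows do not multiply. Because the PDC Emulator is also the DC that receives password changes first and is consulted on failed logons, knowing which server holds it matters when you investigate authentication problems.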

Organizational Units

To simplify network administration, Microsoft created organizational units (OUs) to provide logical groupings of users, groups, computers, and other objects inside a single domain. You can delegate administrative authority over each OU to other administrators to distribute network-management chores. The delegated authority can be limited in scope when necessary, so that you can grant junior administrators only specific administrative powers rather than complete administrator-level authority. In addition, you can apply specific Group Policy Object (GPO) settings at the OU level, allowing users and computers to be managed differently according to the OU in which they are placed.

The Microsoft Management Console (MMC)

The MMC is the standard interface for hosting the various GUI tools and utilities that administrators use to manage the Windows and Active Directory environments. The MMC is a shell that houses MMC snap-ins; the snap-ins supply the actual functionality. The MMC gives all of the snap-in tools a consistent look and feel. Saved MMC consoles use the file extension .msc. You can see several of the default consoles if you browse the %systemroot%\system32 folder on a Windows Server 2003 computer.

For example, on a domain controller, you can run the Active Directory Users and Computers (ADUC) snap-in by double-clicking the dsa.msc file in the %systemroot%\system32 folder. Alternatively, you can run the ADUC snap-in by clicking Start, Run, typing dsa.msc, and clicking OK. You must include the .msc file extension for the snap-in to run. You also have the option of clicking Start, Run, typing mmc, and clicking OK to display an empty console; you can then click File, Add/Remove Snap-in to load the snap-ins of your choice.

MMC 3.0

When you upgrade Windows Server 2003 to the R2 edition, the MMC is upgraded to version 3.0 automatically. MMC 3.0 offers three major improvements over its prior versions:

The Action pane: The Action pane is displayed on the right side of the console when it is not hidden. (It is hidden by default in most snap-ins.) The Show/Hide Action Pane toolbar icon shown in Figure 2.1 works much like the Show/Hide Console Tree toolbar icon. The Action pane displays the actions that can be performed on the currently selected item in the console tree (left pane) or in the results pane (center pane). You can view the same list of actions by right-clicking an item.


Figure 2.1 A view of the Action pane for the ADUC snap-in under MMC 3.0 and Windows Server 2003 R2.

Enhanced error handling: MMC 3.0 notifies you when errors occur within loaded snap-ins that could cause the MMC shell to stop responding. When MMC 3.0 detects such an error, it offers you options for handling it.

Improved Add or Remove Snap-in dialog box: The redesigned Add or Remove Snap-in dialog box in MMC 3.0 makes it easier to add, remove, and organize snap-ins (see Figure 2.2).


Figure 2.2 The Add or Remove Snap-ins dialog box under MMC 3.0 and Windows Server 2003 R2.

Exam Alert

To enable MMC 3.0 features such as the new Add or Remove Snap-in dialog box, you must add a new subkey to the Windows Registry.

Always have a good, current backup of your system before you attempt to make any change to the Registry.

Using regedit.exe, the Microsoft Registry Editor tool, navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MMC. Add a new subkey named UseNewUI under this existing Registry key to turn on the MMC 3.0 enhancements. No reboot is required; the change takes effect for consoles opened from that point on.
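The following script is an added example, not part of the chapter, that performs the same change from the command line in a safer order: it exports the existing MMC key to a .reg file first (so the change can be reversed with reg import), then creates the UseNewUI subkey only if it is not already there, and finally verifies the result. The key and subkey names are the ones given in the text; the script assumes an elevated session and Windows PowerShell 2.0 or later on the server (a separate install on Windows Server 2003), and reg.exe, which ships with Windows.

```powershell
# Added example: back up HKLM\SOFTWARE\Microsoft\MMC, then add the UseNewUI
# subkey idempotently. Assumes an elevated Windows PowerShell 2.0+ session.

$mmcKeyPs  = 'HKLM:\SOFTWARE\Microsoft\MMC'            # PowerShell provider path
$mmcKeyReg = 'HKLM\SOFTWARE\Microsoft\MMC'             # reg.exe path syntax
$subKey    = Join-Path $mmcKeyPs 'UseNewUI'
$backup    = Join-Path $env:TEMP ('MMC-backup-{0:yyyyMMdd-HHmmss}.reg' -f (Get-Date))

if (-not (Test-Path $mmcKeyPs)) {
    throw "$mmcKeyPs does not exist; is MMC installed on this system?"
}

# 1. Back up the key before touching it. A timestamped file name avoids the
#    overwrite prompt that reg.exe would otherwise raise.
& reg.exe export $mmcKeyReg $backup | Out-Null
if ($LASTEXITCODE -ne 0) {
    throw 'Registry backup failed; no changes were made.'
}
Write-Host "Backup written to $backup (restore with: reg import `"$backup`")"

# 2. Create the subkey only if it is missing, so the script is safe to re-run.
if (Test-Path $subKey) {
    Write-Host 'UseNewUI is already present; nothing to do.'
} else {
    New-Item -Path $mmcKeyPs -Name 'UseNewUI' | Out-Null
    Write-Host "Created $subKey"
}

# 3. Verify. No reboot is needed; open a new console to see the new dialog box.
if (Test-Path $subKey) {
    Write-Host 'Verified: UseNewUI subkey exists.'
} else {
    Write-Warning 'UseNewUI subkey is still missing; check permissions on the MMC key.'
}
```

Writing to HKEY_LOCAL_MACHINE requires administrative rights, so run this in a session started with Run As (or an elevated prompt) rather than from a standard user session; the backup step is the same precaution the Exam Alert above asks for, just made automatic.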

TIP

MMC 3.0 supports a richer range of functionality than prior versions of the MMC; however, individual MMC snap-ins must be written to support the new MMC 3.0 features before that enhanced functionality becomes available in them.
