
Windows Server 2003 AD Installation, Configuration, Management and Maintenance

Windows Server 2003 AD Installation, Configuration, Management and Maintenance. 林寶森 jeffl@ms11.hinet.net. Reasons to Maintain a Single Domain: Ease of Management; Easier Delegation; Fewer Members in Domain Admins Group; Object Capacity Same as Multiple Domain Structure.


Presentation Transcript


  1. Windows Server 2003 AD Installation, Configuration, Management and Maintenance. 林寶森 jeffl@ms11.hinet.net

  2. Reasons to Maintain a Single Domain
     • Ease of Management
     • Easier Delegation
     • Fewer Members in Domain Admins Group
     • Object Capacity Same as Multiple Domain Structure

  3. Reasons to Create Multiple Domains
     • Distinct domain-level policies
     • Tighter administrative control
     • Decentralized administration
     • Separation and control of affiliate relationships
     • Reduced replication traffic

  4. Installing DNS During the Active Directory Installation
     • The Active Directory Installation Wizard prompts you to install and configure a local DNS server if it does not find an existing DNS infrastructure
     To implement DNS, the Active Directory Wizard:
     • Installs the DNS Server service
     • Creates a forward lookup zone
     • Configures the zone as Active Directory integrated
     • Enables secure dynamic updates for the zone

  5. Installing and Configuring DNS
     To install and configure DNS:
     • Assign a static IP address
     • Configure the DNS primary suffix
     • Install the DNS Server service
     • Create a forward lookup zone
        • Must be authoritative for your DNS domain
        • Enable dynamic updates
     • Create a reverse lookup zone (optional)

  6. Establishing the Root Domain
     • Start Installation Wizard
     • Select Domain Controller and Domain Type
     • Specify Required Information
     • Domain, DNS, and NetBIOS names
     • Database, log, and shared system volume locations
     • Select to weaken permissions
     • Active Directory Is Installed
     • Computer Is Domain Controller
     • Active Directory Tools Added

  7. Adding a Domain Controller to an Existing Domain
     • Start Installation Wizard
     • Select Domain Controller Type
     • Specify Required Information
     • Network credentials
     • DNS name of domain to join
     • Database, log, and shared system volume locations
     • Active Directory Is Installed

  8. Creating a Child Domain
     • Start Installation Wizard
     • Select Domain Controller and Domain Type
     • Specify Required Information
     • Network credentials
     • DNS names of parent and child domains
     • Database, log, and shared system volume locations
     • Select to weaken permissions
     • Active Directory Is Installed

  9. Creating a Tree in an Existing Forest
     • Start Installation Wizard
     • Select Domain Controller and Domain Type
     • Specify Required Information
     • Network credentials
     • DNS names of new tree
     • Database, log, and shared system volume locations
     • Select to weaken permissions
     • Active Directory Is Installed

  10. The Active Directory Installation Process
     The installation process:
     • Starts the security protocol and sets the security policy
     • Creates the:
        • Active Directory partitions, database, and log files
        • Forest root domain
        • SYSVOL folder
     • Configures the site membership of the domain controller
     • Enables security on the directory service and the file replication folders
     • Applies the password for restore mode

  11. What Are SRV Resource Records?
     • SRV resource records are DNS records that map a service to the computer that provides the service
     • Format of SRV records:
        _Service._Protocol.Name  Ttl  Class  SRV  Priority  Weight  Port  Target
     • Example:
        _ldap._tcp.contoso.msft  600  IN  SRV  0  100  389  london.contoso.msft
     • Find Netlogon.dns in systemroot/System32/Config

  12. Configuring Zones for Dynamic Updates
     • DNS Dynamic Update Protocol
     • Allows clients to automatically update DNS servers
     • Can be used in conjunction with DHCP
     [Diagram: Computer1 (192.168.120.133), DHCP Server, DNS Server with Zone Database]
     1. Request for IP address
     2. Assign IP address of 192.168.120.133
     • DHCP updates reverse resource record for Windows XP / 2003 clients and both resource records for other clients
     • Windows XP / 2003 client updates forward resource record on DNS server

  13. What Are Active Directory Integrated Zones?
     Active Directory integrated zones:
     • Are primary and stub DNS zones that are stored as objects in the Active Directory database
     • Can be stored in an application or a domain partition
     • Offer the following benefits:
        • Multimaster replication
        • Secure dynamic updates
        • Standard zone transfers to other DNS servers

  14. Removing Active Directory
     • Remove Active Directory by:
        • Using the Active Directory Installation Wizard
        • Providing appropriate administrative credentials
     • The Active Directory Installation Wizard performs specific removal operations depending on the type of domain controller
     [Diagram: Domain Controller. Provide credentials (Enterprise Admins group member or Domain Admins group member), then remove Active Directory]

  15. What Is a User Principal Name?
     • A logon name that is used only for logging on to a Windows Server 2003 network
     • Advantages:
        • Unique in Active Directory
        • Can be the same as a user's e-mail address
     • Example: suzanf@contoso.msft

  16. What Are Directory Partitions?
     The Active Directory database is divided into partitions. Each contains:
     • Schema (forest): definitions and rules for creating and manipulating objects and attributes
     • Configuration (forest): information about the Active Directory structure
     • <Domain> (domain): information about domain-specific objects
     • <Application> (configurable replication): information about applications

  17. What Is a Schema?
     • A forest-wide definition of object classes and attributes that can be extended
     • Schema changes can be redefined or deactivated

  18. What Are Distinguished Names?
     • Distinguished names identify an object's domain and the path to reach it
     • Example (user Suzan Fine in OU Sales, inside OU Finance, in domain Contoso.msft):
        CN=Suzan Fine,OU=Sales,OU=Finance,DC=contoso,DC=msft
     • Relative distinguished name: CN=Suzan Fine

  19. What Is the Global Catalog?
     • A repository that contains a subset of the attributes of all objects in Active Directory
     [Diagram labels: Read Only, Global Catalog]

  20. Creating a Global Catalog Server
     • Global Catalog provides:
        • Universal group membership information for the account
        • Domain information when using user principal names during logon
     [Figure: NTDS Settings Properties dialog (tabs General, Object, Security; fields Description and Query Policy) for a Global Catalog Server]

  21. When to Customize a Global Catalog Server
     • Common attributes: firstName, lastName, email address, accountExpires, distinguishedName
     • Changed attributes: department, firstName, lastName, email address, accountExpires, distinguishedName
     • Create additional attributes on the Global Catalog Server
     • Add only the additional attributes that you query or refer to frequently

  22. Adding Object Attributes to the Global Catalog
     [Figure: "company Properties" dialog, General tab]
     • Description: Company
     • Common Name: Company
     • X.500 OID: 1.2.840.113556.1.2.146
     • Syntax: Unicode String; Minimum: 1; Maximum: 64
     • This attribute is single-valued.
     • Check boxes: Show objects of this class while browsing; Deactivate this attribute; Index this attribute in the Active Directory; Ambiguous Name Resolution (ANR); Replicate this attribute to the Global Catalog; Attribute is copied when duplicating a user

  23. What Is Forest and Domain Functionality?
     • Enable forest-wide or domain-wide Active Directory features
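
The SRV record format on slide 11 can be checked mechanically. The following is an added example, not part of the original presentation: it parses lines in that format and flags any record whose target is not on an inventory of known domain controllers, which is the kind of drift secure dynamic updates (slides 4 and 13) are meant to prevent. Only the first sample record comes from the slide; the other records, the host `kiosk17`, the A-record address and the function names are constructed for illustration.

```python
from collections import namedtuple

Srv = namedtuple("Srv", "name ttl priority weight port target")

# Constructed sample in the Netlogon.dns line format shown on slide 11.
# Only the first SRV record appears on the slide; the rest are made up.
SAMPLE = """\
; constructed sample, not a real Netlogon.dns
_ldap._tcp.contoso.msft. 600 IN SRV 0 100 389 london.contoso.msft.
_kerberos._tcp.contoso.msft. 600 IN SRV 0 100 88 london.contoso.msft.
_ldap._tcp.contoso.msft. 600 IN SRV 0 100 389 kiosk17.contoso.msft.
_gc._tcp.contoso.msft. 600 IN SRV 0 100 3268 london.contoso.msft.
london.contoso.msft. 600 IN A 192.168.120.10
"""

# Well-known ports for services a domain controller registers.
EXPECTED_PORT = {"_ldap": 389, "_kerberos": 88, "_kpasswd": 464, "_gc": 3268}


def parse_srv(text):
    """Return Srv tuples for every SRV line; skip comments, blanks, other types."""
    records = []
    for line in text.splitlines():
        fields = line.split(";", 1)[0].split()
        if len(fields) != 8 or fields[2].upper() != "IN" or fields[3].upper() != "SRV":
            continue
        name, ttl, _, _, prio, weight, port, target = fields
        records.append(Srv(name.rstrip(".").lower(), int(ttl), int(prio),
                           int(weight), int(port), target.rstrip(".").lower()))
    return records


def audit(records, known_dcs):
    """Flag SRV records whose target is not a known DC or whose port is unusual."""
    known = {h.lower() for h in known_dcs}
    findings = []
    for r in records:
        service = r.name.split(".", 1)[0]
        if r.target not in known:
            findings.append((r.name, r.target, "target is not a known domain controller"))
        elif service in EXPECTED_PORT and r.port != EXPECTED_PORT[service]:
            findings.append((r.name, r.target, "unexpected port %d" % r.port))
    return findings
```
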
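
The distinguished name on slide 18 looks like it can be split on commas, but RFC 4514 lets a value contain an escaped comma, and a naive split then reports the wrong container path. The following is an added example, not part of the original presentation: a small parser that honours escapes and returns the relative distinguished name, OU path and DNS domain. The second DN and all function names are constructed for illustration, and multi-valued RDNs joined with "+" are assumed not to occur.

```python
import re

HEXPAIR = re.compile(r"[0-9A-Fa-f]{2}")
# DN from slide 18, plus a constructed variant whose CN contains an escaped comma.
SLIDE_DN = "CN=Suzan Fine,OU=Sales,OU=Finance,DC=contoso,DC=msft"
ESCAPED_DN = r"CN=Fine\, Suzan,OU=Sales,OU=Finance,DC=contoso,DC=msft"

def split_rdns(dn):
    """Split on commas, but never on one that is part of a backslash escape."""
    parts, cur, i = [], "", 0
    while i < len(dn):
        step = 2 if dn[i] == "\\" and i + 1 < len(dn) else 1
        if step == 1 and dn[i] == ",":
            parts.append(cur)
            cur = ""
        else:
            cur += dn[i:i + step]     # escape pairs are copied untouched
        i += step
    return parts + [cur]

def unescape(value):
    """Decode RFC 4514 escapes: backslash+hex pair is a byte, backslash+char is the char."""
    out, i = bytearray(), 0
    while i < len(value):
        if value[i] == "\\" and HEXPAIR.fullmatch(value[i + 1:i + 3]):
            out.append(int(value[i + 1:i + 3], 16))
            i += 3
        else:
            if value[i] == "\\" and i + 1 < len(value):
                i += 1                # drop the backslash, keep the escaped char
            out += value[i].encode("utf-8")
            i += 1
    return out.decode("utf-8")

def parse_dn(dn):
    """Return [(ATTRIBUTE, value), ...] ordered from the object up to the domain root."""
    rdns = []
    for rdn in split_rdns(dn):
        attr, eq, value = rdn.lstrip().partition("=")
        if not eq or not attr.strip():
            raise ValueError("malformed RDN: %r" % rdn)
        rdns.append((attr.strip().upper(), unescape(value)))
    return rdns

def locate(dn):
    """Return (relative distinguished name value, OU path from the top down, DNS domain)."""
    rdns = parse_dn(dn)
    ous = [v for a, v in rdns[1:] if a == "OU"]
    return rdns[0][1], ous[::-1], ".".join(v for a, v in rdns if a == "DC")
```
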
