INTRODUCING MICROSOFT WINDOWS SERVER 2003

11

INTRODUCING MICROSOFT WINDOWS SERVER 2003

Chapter 1

Chapter 1: INTRODUCING MICROSOFT WINDOWS SERVER 2003 2

CHAPTER OVERVIEW

Identify the key differences among the Windows Server 2003 editions.

Install Windows Server 2003.

Identify the key structures and concepts of Active Directory.

Create a domain controller.

New features of Server 2003 Active Directory

Chapter 1: INTRODUCING MICROSOFT WINDOWS SERVER 2003 3

WINDOWS SERVER 2003 EDITIONS

Web Edition

Standard Edition

Enterprise Edition

Datacenter Edition

Chapter 1: INTRODUCING MICROSOFT WINDOWS SERVER 2003 4

SYSTEM REQUIREMENTS

WWeebb EEddiittiioonn

SSttaannddaarrdd EEddiittiioonn

EEnntteerrpprriissee EEddiittiioonn

DDaattaacceenntteerr EEddiittiioonn

Minimum processor speed

133 MHz 133 MHz 133 MHz 400 MHz

Minimum processor speed

550 MHz 550 MHz 733 MHz 733 MHz

Minimum RAM 128 MB 128 MB 128 MB 512 MB

Recommended minimum RAM

256 MB 256 MB 256 MB 1 GB

Maximum RAM 2 GB 4 GB 32 GB 64 GB

Symmetric multiprocessing (SMP) support

Up to 2 processors

Up to 4 processors

Up to 8 processors

Up to 32 processors

Minimum disk space 1.5 GB 1.5 GB 1.5 GB 1.5 GB

Chapter 1: INTRODUCING MICROSOFT WINDOWS SERVER 2003 5

WEB EDITION

Single-purpose Web server platform

Limit of 10 inbound SMB connections

Support for up to two processors and up to 2 GB of RAM

Chapter 1: INTRODUCING MICROSOFT WINDOWS SERVER 2003 6

STANDARD EDITION

Designed as a departmental server or for smaller organizations

Multipurpose server platform

Supports up to four processors and 4 GB of RAM

Chapter 1: INTRODUCING MICROSOFT WINDOWS SERVER 2003 7

ENTERPRISE EDITION

Server platform for medium- to large-sized businesses

Supports up to eight processors and 32 GB of RAM

Eight-node clustering support through Microsoft Clustering Services

Chapter 1: INTRODUCING MICROSOFT WINDOWS SERVER 2003 8

DATACENTER EDITION

Designed for high-end, high-traffic application servers

Supports up to 32 processors and 64 GB of RAM

Does not include ICF or ICS

Chapter 1: INTRODUCING MICROSOFT WINDOWS SERVER 2003 9

64-BIT EDITIONS

EEnntteerrpprriissee EEddiittiioonn

DDaattaacceenntteerr EEddiittiioonn

Minimum processor speed

733 MHz 733 MHz

Maximum RAM 64 GB 512 GB

Symmetric multiprocessing (SMP) support

Up to 8 processors

Up to 64 processors

Minimum disk space

2 GB 2 GB

Chapter 1: INTRODUCING MICROSOFT WINDOWS SERVER 2003 10

INSTALLING WINDOWS SERVER 2003

Chapter 1: INTRODUCING MICROSOFT WINDOWS SERVER 2003 11

Server 2003 Deployment Methods

Manual Setup

Disk Imaging

Unattended Installation

Chapter 1: INTRODUCING MICROSOFT WINDOWS SERVER 2003 12

Unattende.txt

;[Unattended] ;Method = Express|Custom ;NtUpgrade = Yes|No ;Win31Upgade = Yes|No ;TargetPath = *|<Path Name>|Manual ;OverwriteOemFilesOnUpgrade = Yes|No ;ConfirmHardware = Yes|No ;OEMPreinstall = Yes|No ;NoWaitAfterTextMode = (0 = stop, 1 = Reboot) ;NoWaitAfterGuiMode = (0 = stop, 1 = Reboot) ;FileSystem = ConvertNTFS|LeaveAlone ;ExtendOemPartition = (0 = no, 1 = Yes)

Chapter 1: INTRODUCING MICROSOFT WINDOWS SERVER 2003 13

ACTIVATING WINDOWS SERVER 2003

Chapter 1: INTRODUCING MICROSOFT WINDOWS SERVER 2003 14

Demo: Install Windows Server 2003

Launching setup

Setup settings

Chapter 1: INTRODUCING MICROSOFT WINDOWS SERVER 2003 15

CONFIGURING WINDOWS SERVER 2003

Chapter 1: INTRODUCING MICROSOFT WINDOWS SERVER 2003 16

SERVER ROLES

File server

Print server

Application server

Chapter 1: INTRODUCING MICROSOFT WINDOWS SERVER 2003 17

SERVER ROLES (CONT.)

Mail server

Terminal Services server

Remote Access/VPN server

Domain contoller

Chapter 1: INTRODUCING MICROSOFT WINDOWS SERVER 2003 18

SERVER ROLES (CONT.)

DNS server

DHCP server

Streaming media server

WINS server

Chapter 1: INTRODUCING MICROSOFT WINDOWS SERVER 2003 19

AN ACTIVE DIRECTORY PRIMER

Standards-based, LDAP-compliant directory services system.

Hierarchical structure provides organizational and administrative benefits.

Directory services database can be distributed across multiple servers to provide fault tolerance and increase performance.

Chapter 1: INTRODUCING MICROSOFT WINDOWS SERVER 2003 20

AN ACTIVE DIRECTORY PRIMER (CONT.)

Active Directory database is stored in the \WINDOWS\NTDS directory on each domain controller.

A repository for objects and resources, including user accounts, group accounts, computer accounts, and printers.

Each object has a set of properties that is also stored in Active Directory.

What Is a Directory Service?

A service that helps track and locate objects on a network A service that helps track and locate objects on a network

Active Directory Management

What Is a Directory Service?

A service that helps track and locate objects on a network A service that helps track and locate objects on a network

Active Directory Management

UsersUsersServicesServicesWorkstationsWorkstations FilesFiles

Active Directory Domains

CONTOSO.COM

Active Directory Domains

Boundary of Authentication

CONTOSO.COM

Active Directory Domains

Boundary of Authentication

Boundary of Policies

CONTOSO.COM

Active Directory Domains

Boundary of Authentication

Boundary of Policies

Boundary of Replication

CONTOSO.COM

Active Directory Trees

CONTOSO.COM

US.CONTOSO.COM

OHIO.US.CONTOSO.COM

Active Directory Trees

CONTOSO.COM

US.CONTOSO.COM

SharedSchema

Configuration

Global CatalogOHIO.US.CONTOSO.COM

Transitive Trusts

CONTOSO.COM

US.CONTOSO.COM

UK.CONTOSO.COM

Transitive Trusts

CONTOSO.COM

US.CONTOSO.COM

UK.CONTOSO.COM

Active Directory Forests

US.CONTOSO.COM

FABRIKAM.COM

UK.FABRIKAM.COM

CONTOSO.COM

Schema

Configuration

Global

Catalog

Chapter 1: INTRODUCING MICROSOFT WINDOWS SERVER 2003 32

DOMAINS AND DOMAIN CONTROLLERS

Domain Controller

Contoso.com

Domains:Provide administrative and security boundariesAllow resources to be grouped logicallyCan contain Organizational Units (OU's) to further organize resources

Chapter 1: INTRODUCING MICROSOFT WINDOWS SERVER 2003 33

OBJECTS AND ATTRIBUTES

Objects Users, groups, printers, computers

Attributes Names, phone numbers, locations

Chapter 1: INTRODUCING MICROSOFT WINDOWS SERVER 2003 34

CONTAINERS AND LEAVES

Containers Domains, organizational units (OUs), groups

Leaves Users, printers, computers

Chapter 1: INTRODUCING MICROSOFT WINDOWS SERVER 2003 35

GROUP POLICY

Group policy objects Collections of hundreds of possible

configuration settings.

Can be applied to users, computers, and OUs.

Policy applied at one level can override policy applied at another level.

Chapter 1: INTRODUCING MICROSOFT WINDOWS SERVER 2003 36

CREATE A DOMAIN CONTROLLER

Chapter 1: INTRODUCING MICROSOFT WINDOWS SERVER 2003 37

Demo: CREATE A DOMAIN CONTROLLER

Running DCPROMO

Configuring AD settings

Domain & Forest Functional Levels

Choosing a functional level

Forest and domain levels

Raising functional levels

Domain Functional Levels

Domain Functional Level

Domain Controllers Supported

Windows 2000 Mixed (default)

Windows NT 4.0, 2000, 2003

Windows 2000 Native Windows 2000, 2003

Windows Server 2003 Windows Server 2003

Additional features are available in each higher level.Additional features are available in each higher level.

Forest Functional Levels

• Improved replication• Forest-to-forest trusts• Improved schema functionality

• Improved replication• Forest-to-forest trusts• Improved schema functionality

Domain Functional Level

Domain Controllers Supported

Windows 2000 (default)Windows NT 4.0, 2000, 2003

Windows Server 2003 Windows Server 2003

Domain Renaming and Restructuring

Fabrikam.com

Sales Engineering

Northwindtraders.com

Contoso

Contoso

Domain Renaming and Restructuring

Fabrikam.com

Sales Engineering

Move an existing domain to another tree

Northwindtraders.com

Contoso.com

Domain Renaming and Restructuring

Fabrikam.com

Sales Engineering

Create a new tree

Northwindtraders.com

New Domain Controller from Replica

• Back up system state from a DC• Back up system state from a DC

> NTBackup SystemState

New Domain Controller from Replica

• Back up system state from a DC• Restore to prospective new DC• Back up system state from a DC• Restore to prospective new DC

New Domain Controller from Replica

• Back up system state from a DC• Restore to prospective new DC• Decreases initial replication load

• Back up system state from a DC• Restore to prospective new DC• Decreases initial replication load

New Interface Features

Drag-and-drop administration

Sales

Management

New Interface Features

Drag-and-drop administration

Saved Queries

Sales

Management

120 days since last logon

Command-Line Tools

Tool Used For

DSAddAdds objects, such as users, group, OU, and so on

DSGet Displays attributes of an AD object

DSMod Modifies an existing AD object

DSMove Moves or renames an AD object

DSQuery Queries and lists AD objects

DSRM Deletes AD objects

Global Catalog Replication

us.contoso.com

europe.contoso.com

Windows 2000 Active Directory

Windows Server 2003 Active Directory

Global Catalog Replication

us.contoso.com

europe.contoso.com

What Is Group Policy?

• Manage user and computer environments• Manage user and computer environments• Enforce IT policies• Enforce IT policies

• Simplify administrative tasks• Simplify administrative tasks• Implement security settings• Implement security settings

Group Policy Management Console

MMC snap-in

Includes Group Policy Object Editor

Reporting and modeling

Supports cross-forest trusts

Group Policy Modeling and Results

Group Policy Modeling

Simulates GPOs on user or computer

Group Policy Results

Reports actual policy settings

Backing Up and Restoring GPOs

Backing Up and Restoring GPOs

Backing Up and Restoring GPOs

WMI Filter

Windows 2000 Windows XP

Windows XP

WMI Filtering

Domain Controlle

r

XP Professional only

WMI Filter

Windows 2000 Windows XP

Windows XP

WMI Filtering

Domain Controlle

r

XP Professional only

Software Restriction Policies

Software Restriction Policies

Application started

Software Restriction Policies

Software Restriction Policies

Application started

Hash Rule

Certificate Rule

Path Rule

Internet Zone Rule

Software Restriction Policies

Software Restriction Policies

Application started

Hash Rule

Certificate Rule

Path Rule

Internet Zone Rule

Software Restriction Policies

Software Restriction Policies

Application started

Hash Rule

Certificate Rule

Path Rule

Internet Zone Rule

Software Restriction Policies

Software Restriction Policies

Application started

Hash Rule

Certificate Rule

Path Rule

Internet Zone Rule

Managing Desktops

Managing Desktops

Managing Desktops

Managing Desktops

Managing Desktops

Local Folder

Managing Desktops

Shared Network Folder

Managing Desktops

Managing Desktops

Elevated privileges

Chapter 1: INTRODUCING MICROSOFT WINDOWS SERVER 2003 73

SUMMARY

Windows Server 2003 is available in Web Edition, Standard Edition, Enterprise Edition, and Datacenter Edition.

The Manage Your Server page and the Configure Your Server Wizard make it easy to configure a Windows Server 2003 system to perform specific roles.

Active Directory is a domain-based enterprise directory service that consists of objects, which are themselves composed of attributes.

The Active Directory hierarchy is formed using forests, trees, domains, and organizational units. Permissions, rights, and group policy settings all flow downward in the hierarchy.